[ovs-dev] how ovs sends port-shut message to controller ?
Hi experts,

Just want to understand how the port shut message is sent by OVS to the controller when any one of the port admin states is set to down through a CLI command.

As per the openflow specification, when a port state is changed to down state, the switch should send an OFPT_PORT_STATUS message to notify the controller of the change.

Does OVS do so when a port is marked as down through the CLI?

Can someone quickly clarify my doubt?

Thanks,
~Kals~
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] how to print message on OVS
Hi,

I have added a few helping comments in OVS code using "printf" and they are not getting printed on my console though those functions are hit...

Has anyone tried it out?

thanks,
Kals
[ovs-dev] VMs are in different VLAN (but on the same host) ping each other...!
Hi experts,

I have the following setup.

VM1 - OVS
---VM2
*eth0 eth1*
(vlan100,200) (vlan400,500)

Have created two VMs say VM1 and VM2 and OVS has been connected with them.

# eth0 has been configured as access port and associated with *Vlan 100,200*

# eth1 has been configured as access port and associated with *Vlan 400,500*

Now, trying to ping VM2 from VM1 and the ping is a success.

Is it true that as ICMP packets are vlan unaware the packet is reaching the end host?

Thanks,
kals
Re: [ovs-dev] VMs are in different VLAN (but on the same host) ping each other...!
I am still confused why it works?

On Tue, Nov 3, 2015 at 4:38 PM, tech_kals Kals wrote:
> Hi experts,
>
> i have the following setup.
>
> VM1 - OVS
> ---VM2
> *eth0 eth1*
> (vlan100,200) (vlan400,500)
>
> Have created two VMs say VM1 and VM2 and OVS has been connected with them.
>
> # eth0 has been configured as access port and associated with *Vlan
> 100,200*
>
> # eth1 has been configured as access port and associated with *Vlan
> 400,500*
>
> Now, Trying to ping VM2 from VM1 and the ping is success.
>
> Is it true that as ICMP packets are vlan unaware the packet reaching the
> end host?
>
>
> Thanks,
> kals
[ovs-dev] How to use vlog in 'datapath' module?
hi all,

I'm trying to add something into datapath module and need to use vlog for debugging.

I tried to put
#include "vlog.h"
at the beginning of datapath.c as well as
VLOG_DEFINE_THIS_MODULE(datapath);
I still got nothing in /var/log/openvswitch/ovs-vswitchd.log from the function
VLOG_INFO("HELLO WORLD");
in ovs_dp_process_packet function.

what should i do?

ps. I installed ovs 2.4.0 through .deb packages and ran ovs on mininet.

thanks,
Hs
Re: [ovs-dev] How to use vlog in 'datapath' module?
On Tue, Nov 03, 2015 at 11:46:14PM +0800, wenhao...@gmail.com wrote:
> I'm trying to add something into datapath module and need to use vlog
> for debugging.
>
> I tried to put
> #include "vlog.h"
> at the beginning of datapath.c as well as
> VLOG_DEFINE_THIS_MODULE(datapath);
> I still got nothing in /var/log/openvswitch/ovs-vswitchd.log from the function
> VLOG_INFO("HELLO WORLD");
> in ovs_dp_process_packet function.
>
> what should i do?

datapath.c is part of the kernel, it's not going to work to use the OVS userspace logging. It won't even compile.
Re: [ovs-dev] VMs are in different VLAN (but on the same host) ping each other...!
On Tue, Nov 03, 2015 at 04:38:00PM +0530, tech_kals Kals wrote:
> i have the following setup.
>
> VM1 - OVS
> ---VM2
> *eth0 eth1*
> (vlan100,200) (vlan400,500)

This diagram is illegible.

> Have created two VMs say VM1 and VM2 and OVS has been connected with them.
>
> # eth0 has been configured as access port and associated with *Vlan 100,200*
>
> # eth1 has been configured as access port and associated with *Vlan 400,500*

That doesn't make sense. An access port is on just one VLAN.

> Now, Trying to ping VM2 from VM1 and the ping is success.
>
> Is it true that as ICMP packets are vlan unaware the packet reaching the
> end host?

I think you're doing something wrong.
Re: [ovs-dev] how ovs sends port-shut message to controller ?
On Tue, Nov 03, 2015 at 04:02:59PM +0530, tech_kals Kals wrote:
> Just want to understand how port shut message sent by OVS to the controller
> when any one of the port admin state is set to down through CLI
> command..
>
> As per openflow specification, when a port state is changed to down state,
> the switch should send OFPT_PORT_STATUS message to notify the controller
> of the change.

It works for me. When I type "ifconfig eth0 down", the controllers get OFPT_PORT_STATUS messages.
Re: [ovs-dev] [mointor2 7/9] ovsdb-client: support monitor2
On Mon, Nov 2, 2015 at 11:50 PM, Liran Schour wrote: > "dev" wrote on 22/10/2015 07:45:29 AM: >> >> Add monito2 option to ovsdb-client. Sed ovsdb-client(1) manpage patch >> for details. >> >> Signed-off-by: Andy Zhou >> --- > ... > >> static void >> +monitor2_print_row(struct json *row, const char *type, const char *uuid, >> + const struct ovsdb_column_set *columns, struct table >> *t) >> +{ >> +if (!strcmp(type, "delete")) { >> +if (row) { > > Should be: if (row->type != JSON_NULL) { > Yes, that's a bug. Thanks for catching it! ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] how to print message on OVS
> On Nov 3, 2015, at 2:47 AM, tech_kals Kals wrote:
>
> Hi,
>
> I have added few helping comments in OVS code using "printf" and they are
> not getting printed on my console though those functions are hit...
>
>
> anyone has tried it out ?

Make sure that you're not running OVS in the background, with "--detach", for example. It's probably most reliable to use the VLOG macros and check your log files.

--Justin
Re: [ovs-dev] How to use vlog in 'datapath' module?
Please don't drop the list.

You need to use the usual Linux kernel tools, such as printk, to debug the kernel module.

On Wed, Nov 04, 2015 at 01:35:56AM +0800, wenhao...@gmail.com wrote:
> Then what should i do to debug in datapath? Is there any other way to get
> information from this module? or even i'm not expected to modify this
> module? besides, do you use any ide to develop ovs that works
> well? thx a lot.
>
> Original Message
> Subject: Re: [ovs-dev] How to use vlog in 'datapath' module?
> From: Ben Pfaff
> To: wenhao...@gmail.com
> CC: dev@openvswitch.org
>
> On Tue, Nov 03, 2015 at 11:46:14PM +0800, wenhao...@gmail.com wrote:
> > I'm trying to add something into datapath module and need to use vlog
> > for debugging.
> >
> > I tried to put
> > #include "vlog.h"
> > at the beginning of datapath.c as well as
> > VLOG_DEFINE_THIS_MODULE(datapath);
> > I still got nothing in /var/log/openvswitch/ovs-vswitchd.log from the function
> > VLOG_INFO("HELLO WORLD");
> > in ovs_dp_process_packet function.
> >
> > what should i do?
>
> datapath.c is part of the kernel, it's not going to work to use
> the OVS userspace logging. It won't even compile.
Re: [ovs-dev] [PATCH v2] datapath-windows: Updating an External Adapter causes flow lookup failure
On Mon, Nov 02, 2015 at 05:17:07PM -0800, Sairam Venugopal wrote:
> This patch fixes an issue with updating the properties of an external
> adapter in Windows. The issue causes flow lookups to fail until the
> kernel is reinstalled.
>
> Associated bug - https://github.com/openvswitch/ovs-issues/issues/102

I converted this to a Reported-by:.

> Signed-off-by: Sairam Venugopal

I added Nithin's ack and applied this to master. Thank you!
Re: [ovs-dev] vlan_tci flow key attribute becoming zero
On Mon, Nov 02, 2015 at 02:27:21PM +, ravulakollu.ku...@wipro.com wrote:
> I am using openvswitch 2.4 version, compiled under centos 7 (kernel version
> 3.18.22). I am sending double tagged traffic to one trunk port, the same
> and coming out from the other trunk port (vswitchd is configured in normal
> mode flow operation).
> But somehow the vlan ID is becoming zero in the flow key. I believe it should
> show the outer vlan ID. Is this a bug or what please, let me know.

OVS doesn't fully support multiple tags, but if you're not popping off the outer tag then it should work OK. Can you explain how to reproduce the problem?
Re: [ovs-dev] [PATCH] bfd: improve ovs-vswitchd.conf.db(5) manpage
> On Oct 22, 2015, at 8:43 PM, Andy Zhou wrote: > > Use the wording from RFC 5880 to describe the "diagnostic" and > "remote_diagnostic" fields. > > Reported-by: Justin Pettit > Signed-off-by: Andy Zhou > --- > vswitchd/vswitch.xml | 13 +++-- > 1 file changed, 7 insertions(+), 6 deletions(-) > > diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml > index 4dbd9e3..395d8f2 100644 > --- a/vswitchd/vswitch.xml > +++ b/vswitchd/vswitch.xml > @@ -2578,9 +2578,10 @@ > > > > - In case of a problem, set to an error message that reports what the > - local BFD session thinks is wrong. The error messages are defined > - in section 4.1 of [RFC 5880]. > + A diagnostic code specifying the local system's reason for the > + last change in session state. It allows the remote system to > + determine the reason that the previous session failed. The error > + messages are defined in section 4.1 of [RFC 5880]. > Do you think the middle sentence is necessary? It sounds like the remote side would read this column, but I doubt that's the case. Acked-by: Justin Pettit --Justin ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
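Review bot: in the added lines of the vswitch.xml hunk, the first sentence now calls the value "a diagnostic code" while the last added sentence still says "The error messages are defined in section 4.1 of [RFC 5880]", so the column description uses two different terms for the same thing. Use one term throughout, for example "The diagnostic codes are defined in section 4.1 of [RFC 5880]." The commit message names both "diagnostic" and "remote_diagnostic", so the same wording check applies to the second field's text.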
Re: [ovs-dev] [PATCH] datapath-windows: Report correctly when trying to add tunnel types
On Thu, Oct 29, 2015 at 06:15:44AM +, Alin Serdean wrote:
> Report invalid parameter to the userspace if the user tries to add a vport
> tunnel type which is not supported by the kernel extension.
>
> Signed-off-by: Alin Gabriel Serdean

Applied to master, thanks!
Re: [ovs-dev] [PATCH] bfd: improve ovs-vswitchd.conf.db(5) manpage
On Tue, Nov 3, 2015 at 10:53 AM, Justin Pettit wrote: > >> On Oct 22, 2015, at 8:43 PM, Andy Zhou wrote: >> >> Use the wording from RFC 5880 to describe the "diagnostic" and >> "remote_diagnostic" fields. >> >> Reported-by: Justin Pettit >> Signed-off-by: Andy Zhou >> --- >> vswitchd/vswitch.xml | 13 +++-- >> 1 file changed, 7 insertions(+), 6 deletions(-) >> >> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml >> index 4dbd9e3..395d8f2 100644 >> --- a/vswitchd/vswitch.xml >> +++ b/vswitchd/vswitch.xml >> @@ -2578,9 +2578,10 @@ >> >> >> >> - In case of a problem, set to an error message that reports what >> the >> - local BFD session thinks is wrong. The error messages are defined >> - in section 4.1 of [RFC 5880]. >> + A diagnostic code specifying the local system's reason for the >> + last change in session state. It allows the remote system to >> + determine the reason that the previous session failed. The error >> + messages are defined in section 4.1 of [RFC 5880]. >> > > Do you think the middle sentence is necessary? It sounds like the remote > side would read this column, but I doubt that's the case. > I see. This is the wording from RFC 5880, but does not apply to OVS. I will remove it. > Acked-by: Justin Pettit Thanks for the review. I will push with the change. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] PassiveStream class in IDL library doesn't support AF_INET socket
On Wed, Oct 28, 2015 at 07:39:42AM +, D M, Vikas wrote:
> We thought of using ovs IDL library for implementing the L2gateway in
> openstack with ovsdb hardware vtep schema.
> (https://wiki.openstack.org/wiki/Neutron/L2-GW ).
>
> ovsdb server initiates the connection to l2gateway agent with the entries in
> manager table in ovsdb hardware vtep schema.
> (https://bugs.launchpad.net/networking-l2gw/+bug/1466302 )
>
> In this case the server code in ovs IDL (PassiveStream class) has to accept
> the connection from ovsdb.
> But currently, the supported type is punix (AF_UNIX).
> (https://github.com/openvswitch/ovs/blob/master/python/ovs/stream.py )
>
> So is there a way to accept tcp connection in IDL library?

It's an unimplemented feature of the Python version of the IDL. We'd accept a patch to implement the feature.
Re: [ovs-dev] [PATCH v4 1/3] Implement Openflow 1.4 Vacancy Events for OFPT_TABLE_MOD.
On Tue, Oct 27, 2015 at 10:42:41AM +0530, Saloni Jain wrote:
> >In ovs-ofctl.c, I don't think the table-mod code handles the case where
> >OF1.4 or OF1.5 is enabled but the switch does not support it.
>
> This means that in ovs-ofctl.c, for table-mod, it can happen that OF1.4 and
> OF1.5 are supported, but the switch in table-features capabilities does not
> support eviction or vacancy table-config parameters.
> So after checking the usable version as OF1.4 and OF1.5 for table-mod in
> ovs-ofctl.c, table feature request should be sent to the switch from
> ofctl_mod_table() in order to get the supported capabilities for the given
> table-id and if eviction/vacancy events are supported by switch, then only
> table-mod config property should be set.

I mean that the code should adapt its behavior based on the protocol version that is actually in use in the OpenFlow connection, rather than on the protocol versions that are enabled.

> >The syntax seems kind of odd actually. How about "vacancy(low,high)"?
>
> Parentheses - "()" and "{}" are used for command grouping in shell and will
> give error "syntax error:bash: syntax error near unexpected token `('", when
> used with any command.
> So in order to avoid the error, we have to use escape characters or
> single/double quotes around "vacancy(low,high)" in ovs-ofctl mod-table
> command, such that, the command looks like:
> ovs-ofctl -O Openflow14 mod-table br0 0
> 'vacancy(low,high)'
>
> I have also tried for "vacancy[low,high]", that is using square brackets [],
> but I am facing problem in test cases. In file ofproto.at square brackets are
> ignored in AT_CHECK[] and so test case for mod-table for vacancy is failing.
> Other possible syntax are -- vacancy:low-high or vacancy:low,high

vacancy:low,high seems like a reasonable choice to me, too.
Re: [ovs-dev] [PATCH 1/3] ovn: Fix check on existing encap row.
On Tue, Oct 27, 2015 at 06:05:33PM +0900, Russell Bryant wrote:
> This code does some checking to validate the existing encaps for a
> chassis to see if they need to be updated. This typo resulted in
> ovn-controller re-creating its encap(s) every time this code ran, making
> ovn-controller and ovsdb-server eat up a CPU in my testing.
>
> Signed-off-by: Russell Bryant

Thanks for finding and fixing the problem.

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCH 2/3] ovn: Remove duplicate versions from schemas.
On Tue, Oct 27, 2015 at 06:05:34PM +0900, Russell Bryant wrote:
> Since commit 5935835968c9d36ffe306863f0c8079d3b670e2a, the OVN nb and sb
> schema definitions have included duplicate version entries. In the nb
> case, the version has since been updated to 2.0.0, but only in one
> place. Remove the duplicate version entries that were at the bottom of
> the files.
>
> Signed-off-by: Russell Bryant

Oh, wow. Thanks.

I'm surprised that the OVS JSON parser doesn't reject this. I might have to have another look at it.

Acked-by: Ben Pfaff
[ovs-dev] [PATCH] Fix command typo in INSTALL.SSL.md
From: Aaron Rosen Signed-off-by: Aaron Rosen --- INSTALL.SSL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md index 06be303..f294a27 100644 --- a/INSTALL.SSL.md +++ b/INSTALL.SSL.md @@ -202,7 +202,7 @@ more secure. 1. Run the following command on the Open vSwitch itself: - % ovs-pki req sc switch + % ovs-pki req+sign sc switch (This command does not require a copy of any of the PKI files generated by "ovs-pki init", and you should not copy them to the -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
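Review bot: the replacement line "% ovs-pki req+sign sc switch" contradicts the unchanged context directly below it, which says this command "does not require a copy of any of the PKI files generated by ovs-pki init, and you should not copy them to the" switch. Signing needs the CA material that this step deliberately keeps off the switch, so a request-only command is what the surrounding text describes. If "ovs-pki req sc switch" fails as written, correct its arguments instead, and put the observed error in the commit message, which currently has no body.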
[ovs-dev] [PATCH] Fix command typo in INSTALL.SSL.md
Signed-off-by: Aaron Rosen --- INSTALL.SSL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md index 06be303..f294a27 100644 --- a/INSTALL.SSL.md +++ b/INSTALL.SSL.md @@ -202,7 +202,7 @@ more secure. 1. Run the following command on the Open vSwitch itself: - % ovs-pki req sc switch + % ovs-pki req+sign sc switch (This command does not require a copy of any of the PKI files generated by "ovs-pki init", and you should not copy them to the -- 1.9.1 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH 2/3] ovn: Remove duplicate versions from schemas.
On Tue, Nov 03, 2015 at 12:26:42PM -0800, Ben Pfaff wrote:
> I'm surprised that the OVS JSON parser doesn't reject this. I might
> have to have another look at it.

The OVS JSON parser always uses the last value when there is a duplicate key within an object. It doesn't complain in any way. I wonder whether we should change this, but I also wonder whether it would be likely to break anything if we did. I guess it would be easy to try it and find out.
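A check for the duplicate-key behaviour discussed in this thread, as an added example that is not code from the OVS tree or from any poster: it uses Python's standard json module, which also keeps the last value silently, to locate repeated keys and to offer a strict loader. The function names and the sample schema are constructed for illustration.

```python
import json


class DuplicateKeyError(ValueError):
    """Raised by load_strict() when an object repeats a key."""


# Constructed sample, not the real OVN schema: "version" appears twice and
# only one copy was bumped to 2.0.0.
SAMPLE_SCHEMA = """
{
  "name": "Example_Northbound",
  "version": "2.0.0",
  "tables": {
    "Logical_Switch": {"columns": {"name": {"type": "string"}}}
  },
  "version": "1.0.0"
}
"""


def find_duplicate_keys(text):
    """Return [(path, key, [values in file order])] for each repeated key."""
    pending = {}  # id(dict) -> findings inside that dict, paths relative to it

    def lift(value, prefix):
        # Pull findings recorded for nested containers up under `prefix`.
        if isinstance(value, dict):
            return [(prefix + p, k, v)
                    for p, k, v in pending.pop(id(value), [])]
        if isinstance(value, list):
            found = []
            for index, item in enumerate(value):
                found += lift(item, prefix + (index,))
            return found
        return []

    def on_object(pairs):
        # json calls this once per object with every (key, value) pair,
        # including the ones a plain dict would silently overwrite.
        result, values, found = {}, {}, []
        for key, value in pairs:
            found += lift(value, (key,))
            values.setdefault(key, []).append(value)
            result[key] = value  # last value wins, as described in the thread
        found += [((), k, v) for k, v in values.items() if len(v) > 1]
        if found:
            pending[id(result)] = found
        return result

    root = json.loads(text, object_pairs_hook=on_object)
    return [("/".join(map(str, p)) or "<root>", k, v)
            for p, k, v in lift(root, ())]


def load_last_wins(text):
    """Plain json.loads: the last duplicate silently replaces earlier ones."""
    return json.loads(text)


def load_strict(text):
    """Parse `text`, refusing any object that repeats a key."""
    duplicates = find_duplicate_keys(text)
    if duplicates:
        path, key, values = duplicates[0]
        raise DuplicateKeyError(
            "duplicate key %r at %s (values: %r)" % (key, path, values))
    return json.loads(text)


if __name__ == "__main__":
    print("last-wins version:", load_last_wins(SAMPLE_SCHEMA)["version"])
    for path, key, values in find_duplicate_keys(SAMPLE_SCHEMA):
        print("duplicate %r at %s: %r" % (key, path, values))
```

Run against a schema file before it is committed, the strict loader turns a stale second "version" entry into an error instead of a silently chosen value.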
Re: [ovs-dev] [PATCH 3/3] ovn-northd: Fix table ID in a comment.
On Tue, Oct 27, 2015 at 06:05:35PM +0900, Russell Bryant wrote:
> This changed from 2 to 3 when ACLs got implemented, as it turned out
> ACLs needed two tables (1 and 2).
>
> While we're at it, do a bit of OCD formatting cleanup by fixing the
> alignment of '\' at the end of each line in the logical flow table
> definitions.
>
> Signed-off-by: Russell Bryant

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCH] datapath-windows: STT - Offload inner checksum calculation
On Tue, Oct 27, 2015 at 02:36:03PM -0700, Sairam Venugopal wrote:
> Offload the inner checksum computation to NDIS in OvsDecapStt function.
>
> Signed-off-by: Sairam Venugopal

Applied, thanks!

I'd ordinarily wait for a Cloudbase review but this feature is so new that this patch can't really cause regressions.

Thanks,

Ben.
Re: [ovs-dev] [PATCH] Fix command typo in INSTALL.SSL.md
On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote: > Signed-off-by: Aaron Rosen > --- > INSTALL.SSL.md | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md > index 06be303..f294a27 100644 > --- a/INSTALL.SSL.md > +++ b/INSTALL.SSL.md > @@ -202,7 +202,7 @@ more secure. > > 1. Run the following command on the Open vSwitch itself: > > - % ovs-pki req sc switch > + % ovs-pki req+sign sc switch > > (This command does not require a copy of any of the PKI files > generated by "ovs-pki init", and you should not copy them to the That's not a typo, this workflow requires taking the certificate request to the machine that hosts the PKI for signing. See the section before that one for the req+sign workflow. ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] datapath-windows: STT - Offload inner checksum calculation
Ben,

Thanks for applying this one.

Sairam

On 11/3/15, 12:38 PM, "Ben Pfaff" wrote:
>On Tue, Oct 27, 2015 at 02:36:03PM -0700, Sairam Venugopal wrote:
>> Offload the inner checksum computation to NDIS in OvsDecapStt function.
>>
>> Signed-off-by: Sairam Venugopal
>
>Applied, thanks!
>
>I'd ordinarily wait for a Cloudbase review but this feature is so new
>that this patch can't really cause regressions.
>
>Thanks,
>
>Ben.
Re: [ovs-dev] [PATCH] Fix command typo in INSTALL.SSL.md
Whoops I see: req NAME Create new private key and certificate request named NAME-privkey.pem and NAME-req.pem, resp. $ ovs-pki req sc switch /usr/local/bin/ovs-pki: req must have exactly one argument; use --help for help Maybe the typo then is the option reg does not take a TYPE so 'switch' should be removed? Aaron On Tue, Nov 3, 2015 at 12:40 PM, Ben Pfaff wrote: > On Tue, Nov 03, 2015 at 12:29:21PM -0800, Aaron Rosen wrote: > > Signed-off-by: Aaron Rosen > > --- > > INSTALL.SSL.md | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md > > index 06be303..f294a27 100644 > > --- a/INSTALL.SSL.md > > +++ b/INSTALL.SSL.md > > @@ -202,7 +202,7 @@ more secure. > > > > 1. Run the following command on the Open vSwitch itself: > > > > - % ovs-pki req sc switch > > + % ovs-pki req+sign sc switch > > > > (This command does not require a copy of any of the PKI files > > generated by "ovs-pki init", and you should not copy them to the > > That's not a typo, this workflow requires taking the certificate request > to the machine that hosts the PKI for signing. See the section before > that one for the req+sign workflow. > ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCH] INSTALL.SSL.md: Fix arguments to "ovs-pki req" command.
Reported-by: Aaron Rosen Reported-at: http://openvswitch.org/pipermail/dev/2015-November/061778.html Signed-off-by: Ben Pfaff --- INSTALL.SSL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.SSL.md b/INSTALL.SSL.md index 06be303..714c6ec 100644 --- a/INSTALL.SSL.md +++ b/INSTALL.SSL.md @@ -202,7 +202,7 @@ more secure. 1. Run the following command on the Open vSwitch itself: - % ovs-pki req sc switch + % ovs-pki req sc (This command does not require a copy of any of the PKI files generated by "ovs-pki init", and you should not copy them to the -- 2.1.3 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
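Review bot: the commit message consists only of trailers, so a reader of the log has to follow the Reported-at link to learn why "switch" is dropped from "% ovs-pki req sc switch". Add a one-sentence body saying that "req" takes exactly one NAME argument and produces NAME-privkey.pem and NAME-req.pem, and check that the steps following this hunk in INSTALL.SSL.md refer to sc-privkey.pem and sc-req.pem.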
Re: [ovs-dev] [PATCH] Fix command typo in INSTALL.SSL.md
On Tue, Nov 03, 2015 at 12:49:15PM -0800, Aaron Rosen wrote:
> Whoops I see:
>
> req NAME Create new private key and certificate request
> named NAME-privkey.pem and NAME-req.pem, resp.
>
>
> $ ovs-pki req sc switch
> /usr/local/bin/ovs-pki: req must have exactly one argument; use --help for
> help
>
> Maybe the typo then is the option reg does not take a TYPE so 'switch'
> should be removed?

Thanks, you're right. I sent out a patch:
http://openvswitch.org/pipermail/dev/2015-November/061779.html

This shell code in ovs-pki.in is so old, by the way, that in the repository that *predates* the current OVS repo, the commit message for the commit that introduced it was still just "Import from old repository commit 61ef2b42a9c4ba8e1600f15bb0236765edc2ad45." I wouldn't even know which old repository that was, or where to dig it up, and I was there for it. Pre-historic!
Re: [ovs-dev] [PATCH 3/3] ovn-northd: Fix table ID in a comment.
On 11/03/2015 03:34 PM, Ben Pfaff wrote:
> On Tue, Oct 27, 2015 at 06:05:35PM +0900, Russell Bryant wrote:
>> This changed from 2 to 3 when ACLs got implemented, as it turned out
>> ACLs needed two tables (1 and 2).
>>
>> While we're at it, do a bit of OCD formatting cleanup by fixing the
>> alignment of '\' at the end of each line in the logical flow table
>> definitions.
>>
>> Signed-off-by: Russell Bryant
>
> Acked-by: Ben Pfaff
>

Thanks for the reviews! I pushed this series to master.

--
Russell Bryant
Re: [ovs-dev] [PATCH] ovn-architecture: Start describing how to connect to physical networks.
On Thu, Oct 22, 2015 at 09:28:51AM -0700, Ben Pfaff wrote:
> Signed-off-by: Ben Pfaff

I'm abandoning this patch.
[ovs-dev] Analysis of failures seen when adding eth0 and eth0.300 vlan to OVS bridges
Hello,

I have a colleague who is creating an openvswitch configuration consisting of an eth0, a vlan eth0.300 and two OVS bridges: br-ex and br-fixed. The system uses openvswitch-2.1.2 and linux kernel version 3.12.X

Initially, eth0 and eth0.300 are configured with the following addresses:

    eth0      192.168.124.81
    eth0.300  192.168.126.2

Ultimately, eth0 and eth0.300 will become ports of br-ex and br-fixed, however, it is not known in advance, which interface will be added to which bridge. Further, it's not known which interface/bridge combo will be configured first. All that is certain, is that the interfaces will be added to different bridges.

What we see when the eth0.300/br-X is configured first, is a subsequent failure during configuration of eth0/br-Y. We perform the following steps:

    # ovs-vsctl add-br br-ex
    # ip addr flush dev eth0.300
    # ip addr add 192.168.126.2/24 dev br-ex
    # ovs-vsctl add-port br-ex eth0.300

Up to this point, we are able to access 192.168.126.0/24 and 192.168.124.0/24

Continuing:

    # ovs-vsctl add-br br-fixed
    # ip addr flush dev eth0
    # ip addr add 192.168.124.81/24 dev br-fixed
    # ovs-vsctl add-port br-fixed eth0

And here we see the problem. Specifically:

    /var/log/openvswitch/ovs-vswitchd.log:
    2015-09-15T23:14:24.638Z|00023|dpif|WARN|system@ovs-system: failed to add eth0 as port: File exists

Digging into the openvswitch datapath module, we find:

    datapath/vport-netdev.c:netdev_create()
    ...
    err = netdev_master_upper_dev_link(netdev_vport->dev,
                                       get_dpdev(vport->dp));
    ...

netdev_master_upper_dev_link() is a kernel API which returns -EEXIST from:

    net/core/dev.c:__netdev_upper_dev_link()
    ...
    if (__netdev_find_adj(dev, upper_dev, &dev->all_adj_list.upper))
        return -EEXIST;
    ...

Thus, since ovs bridge ports get enslaved under ovs-system, regardless to which actual bridge they are added, a case of eth0 and eth0.300 vlan trip the adjacency checks in newer kernel version.

Older kernel versions did not show this error as the datapath contains:

    openvswitch-2.1.2/datapath/linux/compat/include/linux/netdevice.h:
    ...
    #if LINUX_VERSION_CODE < KERNEL_VERSION(3,9,0)
    /* XEN dom0 networking assumes dev->master is bond device
     * and it tries to access bond private structure from dev->master
     * ptr on receive path. This causes panic. Therefore it is better
     * not to backport this API.
     **/
    static inline int netdev_master_upper_dev_link(struct net_device *dev,
                                                   struct net_device *upper_dev)
    {
        return 0;
    }

    static inline void netdev_upper_dev_unlink(struct net_device *dev,
                                               struct net_device *upper_dev)
    {
    }
    #endif
    ...

There is a 'workaround' we've employed, and that is when hitting this error, to re-enslave eth0.300. This causes both eth0 and eth0.300 to be correctly added to their respective bridges _and_ to be enslaved under ovs-system. Clearly this is exploiting a bit of a flaw, but it allows my colleague to proceed on.

Aside from providing these data points to interested parties, I was hoping I might get some feedback as to:

1. Whether this use case is at all valid - please note that another such question was posted to the mailer: http://openvswitch.org/pipermail/discuss/2014-June/014219.html

2. What a suitable, ovs accepted, workaround/approach would be to solving this problem.

Thanks in advance,
Karol
Re: [ovs-dev] [PATCH] ovn-architecture: Start describing how to connect to physical networks.
Hi Ben,

Could you share the reason of abandoning? Looking forward to a new patch regarding this topic.

Han

On Tue, Nov 3, 2015 at 1:42 PM, Ben Pfaff wrote:
> On Thu, Oct 22, 2015 at 09:28:51AM -0700, Ben Pfaff wrote:
> > Signed-off-by: Ben Pfaff
>
> I'm abandoning this patch.
[ovs-dev] [ICMP v2 1/7] ovn-northd.8: Correct description of sending out inport.
Signed-off-by: Justin Pettit --- ovn/northd/ovn-northd.8.xml |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index c5760a5..4bd1990 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -373,7 +373,7 @@ arp.sha = E; arp.tpa = arp.spa; arp.spa = A; outport = P; -inport = 0; /* Allow sending out inport. */ +inport = \"\"; /* Allow sending out inport. */ output; -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
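Review bot: in the changed line, inport = \"\"; carries backslashes that will show up literally in the rendered manpage, because backslash is not an escape character in XML text. Write the empty string as inport = ""; instead (or with the &quot; entity if the quotes need escaping in this element). A sentence in the commit message on why the value changes from 0 to an empty string would also help, since the message currently has no body.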
[ovs-dev] [ICMP v2 2/7] ovn-sb: Fix "ip.ttl--" lower limit description.
To decrement the IP TTL, the existing TTL can't be less than two. The field is not bit-maskable, though, so "ip.ttl < 2" will not work. Signed-off-by: Justin Pettit --- ovn/ovn-sb.xml |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/ovn/ovn-sb.xml b/ovn/ovn-sb.xml index 9c2d411..e674f3a 100644 --- a/ovn/ovn-sb.xml +++ b/ovn/ovn-sb.xml @@ -870,7 +870,8 @@ Decrements the IPv4 or IPv6 TTL. If this would make the TTL zero or negative, then processing of the packet halts; no further actions are processed. (To properly handle such cases, a -higher-priority flow should match on ip.ttl < 2.) +higher-priority flow should match on +ip.ttl == {0, 1};.) Prerequisite: ip -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
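Review bot: in the added line "ip.ttl == {0, 1};.)", the semicolon after the set reads as part of the match expression and leaves ";.)" in the rendered text; the line it replaces, "ip.ttl < 2.)", had no terminator. Drop the semicolon so the sentence ends "ip.ttl == {0, 1}.)". The reason given in the commit message, that the field is not bit-maskable so "ip.ttl < 2" will not work, would be worth a clause in the documentation text as well, so that readers do not reintroduce the inequality.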
[ovs-dev] [ICMP v2 0/7] Logical Router Pings
This patch series makes it possible to modify ICMPv4 packets and ping logical router ports in OVN. It also has a few minor cleanups related to OVN.

v1->v2: Resend without patches that have been already merged and rebased on latest master.

Justin Pettit (7):
  ovn-northd.8: Correct description of sending out inport.
  ovn-sb: Fix "ip.ttl--" lower limit description.
  ovn: Use "ip.ttl--" instead of "ip4.ttl--".
  ovn: Change printed stage names.
  packets: Add support for modifying ICMP type and code.
  vswitchd: Allow modifying ICMP type and code.
  ovn-northd: Support pinging logical router ports.

 NEWS                        |  1 +
 lib/flow.h                  |  4 +-
 lib/meta-flow.h             |  8 ++--
 lib/odp-execute.c           | 12 ++-
 lib/odp-util.c              | 44 +++--
 lib/ofp-actions.c           |  4 ++
 lib/packets.c               | 18
 lib/packets.h               |  1 +
 ovn/lib/actions.c           |  4 +-
 ovn/northd/ovn-northd.8.xml | 21 ++
 ovn/northd/ovn-northd.c     | 65 +++
 ovn/ovn-sb.xml              |  3 +-
 ovn/utilities/ovn-sbctl.c   |  2 +-
 tests/ofproto.at            |  4 +-
 tests/ovn.at                |  5 ++-
 15 files changed, 141 insertions(+), 55 deletions(-)

--
1.7.5.4
[ovs-dev] [ICMP v2 6/7] vswitchd: Allow modifying ICMP type and code.
Signed-off-by: Justin Pettit --- NEWS |1 + lib/flow.h|4 ++-- lib/meta-flow.h |8 lib/odp-execute.c | 12 ++-- lib/odp-util.c| 44 +--- lib/ofp-actions.c |4 tests/ofproto.at |4 ++-- 7 files changed, 64 insertions(+), 13 deletions(-) diff --git a/NEWS b/NEWS index 9b9dff2..cf99844 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,7 @@ Post-v2.4.0 * OpenFlow 1.4+ "importance" is now considered for flow eviction. * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. + * Allow modifying the ICMPv4/ICMPv6 type and code fields. - Support for matching/generating options as well as the OAM bit with Geneve tunnels. - Support Multicast Listener Discovery (MLDv1 and MLDv2). diff --git a/lib/flow.h b/lib/flow.h index efd34a0..41397d4 100644 --- a/lib/flow.h +++ b/lib/flow.h @@ -135,8 +135,8 @@ struct flow { ovs_be16 pad3; /* Pad to 64 bits. */ /* L4 (64-bit aligned) */ -ovs_be16 tp_src;/* TCP/UDP/SCTP source port. */ -ovs_be16 tp_dst;/* TCP/UDP/SCTP destination port. */ +ovs_be16 tp_src;/* TCP/UDP/SCTP source port/ICMP type. */ +ovs_be16 tp_dst;/* TCP/UDP/SCTP destination port/ICMP code. */ ovs_be32 igmp_group_ip4;/* IGMP group IPv4 address. * Keep last for BUILD_ASSERT_DECL below. */ }; diff --git a/lib/meta-flow.h b/lib/meta-flow.h index d22c156..736abc4 100644 --- a/lib/meta-flow.h +++ b/lib/meta-flow.h @@ -1569,7 +1569,7 @@ enum OVS_PACKED_ENUM mf_field_id { * Maskable: no. * Formatting: decimal. * Prerequisites: ICMPv4. - * Access: read-only. + * Access: read/write. * NXM: NXM_OF_ICMP_TYPE(13) since v1.1. * OXM: OXM_OF_ICMPV4_TYPE(19) since OF1.2 and v1.7. * OF1.0: exact match. @@ -1585,7 +1585,7 @@ enum OVS_PACKED_ENUM mf_field_id { * Maskable: no. * Formatting: decimal. * Prerequisites: ICMPv4. - * Access: read-only. + * Access: read/write. * NXM: NXM_OF_ICMP_CODE(14) since v1.1. * OXM: OXM_OF_ICMPV4_CODE(20) since OF1.2 and v1.7. * OF1.0: exact match. 
@@ -1601,7 +1601,7 @@ enum OVS_PACKED_ENUM mf_field_id { * Maskable: no. * Formatting: decimal. * Prerequisites: ICMPv6. - * Access: read-only. + * Access: read/write. * NXM: NXM_NX_ICMPV6_TYPE(21) since v1.1. * OXM: OXM_OF_ICMPV6_TYPE(29) since OF1.2 and v1.7. */ @@ -1615,7 +1615,7 @@ enum OVS_PACKED_ENUM mf_field_id { * Maskable: no. * Formatting: decimal. * Prerequisites: ICMPv6. - * Access: read-only. + * Access: read/write. * NXM: NXM_NX_ICMPV6_CODE(22) since v1.1. * OXM: OXM_OF_ICMPV6_CODE(30) since OF1.2 and v1.7. */ diff --git a/lib/odp-execute.c b/lib/odp-execute.c index d2be71c..b5204b2 100644 --- a/lib/odp-execute.c +++ b/lib/odp-execute.c @@ -301,6 +301,16 @@ odp_execute_set_action(struct dp_packet *packet, const struct nlattr *a) set_arp(packet, nl_attr_get(a), NULL); break; +case OVS_KEY_ATTR_ICMP: +case OVS_KEY_ATTR_ICMPV6: +if (OVS_LIKELY(dp_packet_get_icmp_payload(packet))) { +const struct ovs_key_icmp *icmp_key += nl_attr_get_unspec(a, sizeof(struct ovs_key_icmp)); + +packet_set_icmp(packet, icmp_key->icmp_type, icmp_key->icmp_code); +} +break; + case OVS_KEY_ATTR_ND: if (OVS_LIKELY(dp_packet_get_nd_payload(packet))) { const struct ovs_key_nd *nd_key @@ -323,8 +333,6 @@ odp_execute_set_action(struct dp_packet *packet, const struct nlattr *a) case OVS_KEY_ATTR_ETHERTYPE: case OVS_KEY_ATTR_IN_PORT: case OVS_KEY_ATTR_VLAN: -case OVS_KEY_ATTR_ICMP: -case OVS_KEY_ATTR_ICMPV6: case OVS_KEY_ATTR_TCP_FLAGS: case OVS_KEY_ATTR_CT_STATE: case OVS_KEY_ATTR_CT_ZONE: diff --git a/lib/odp-util.c b/lib/odp-util.c index 8f0f39a..9b9792d 100644 --- a/lib/odp-util.c +++ b/lib/odp-util.c 
@@ -5189,6 +5189,43 @@ commit_set_arp_action(const struct flow *flow, struct flow *base_flow, } static void +get_icmp_key(const struct flow *flow, struct ovs_key_icmp *icmp) +{ +/* icmp_type and icmp_code are stored in tp_src and tp_dst, respectively */ +icmp->icmp_type = ntohs(flow->tp_src); +icmp->icmp_code = ntohs(flow->tp_dst); +} + +static void +put_icmp_key(const struct ovs_key_icmp *icmp, struct flow *flow) +{ +/* icmp_type and icmp_code are stored in tp_src and tp_dst, respectively */ +flow->tp_src = htons(icmp->icmp_type); +flow->tp_dst = htons(icmp->icmp_code); +} + +static enum slow_path_reason +commit_set_icmp_action(const struct flow *flow, struct flow *base_flow, + struct ofpbuf *odp_actions, struct flow_wildcards *wc) +{ +struct ovs_key_icmp key, mask, base; +
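Review bot: In get_icmp_key() in lib/odp-util.c, `icmp->icmp_type = ntohs(flow->tp_src);` and the matching icmp_code line silently narrow a 16-bit value into fields that packet_set_icmp() in 5/7 takes as uint8_t. Either cast explicitly or extend the existing comment to say that tp_src and tp_dst only ever hold 0..255 for ICMP flows, so the truncation is visibly intentional; put_icmp_key() deserves the same remark for the widening direction.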
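Review bot: The lib/meta-flow.h hunks flip the ICMPv4 and ICMPv6 type and code fields from read-only to read/write and lib/odp-execute.c gains a new `case OVS_KEY_ATTR_ICMP: case OVS_KEY_ATTR_ICMPV6:` set path, yet the diffstat shows only 4 changed lines in tests/ofproto.at. Add a test that rewrites the type on an ICMPv4 and an ICMPv6 packet and checks the resulting checksum, and give the commit a message body: an empty description for a change that makes packet fields writable leaves the reader guessing at the intended use.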
[ovs-dev] [ICMP v2 4/7] ovn: Change printed stage names.
The stage names were getting long and throwing off the formatting when dumping the logical flows. Signed-off-by: Justin Pettit --- ovn/northd/ovn-northd.c | 40 ovn/utilities/ovn-sbctl.c |2 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index c7d56fe..9996584 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c 
@@ -83,26 +83,26 @@ enum ovn_datapath_type { * form the stage's full name, e.g. S_SWITCH_IN_PORT_SEC, * S_ROUTER_OUT_DELIVERY. */ enum ovn_stage { -#define PIPELINE_STAGES \ -/* Logical switch ingress stages. */\ -PIPELINE_STAGE(SWITCH, IN, PORT_SEC,0, "switch_in_port_sec") \ -PIPELINE_STAGE(SWITCH, IN, PRE_ACL, 1, "switch_in_pre_acl")\ -PIPELINE_STAGE(SWITCH, IN, ACL, 2, "switch_in_acl")\ -PIPELINE_STAGE(SWITCH, IN, L2_LKUP, 3, "switch_in_l2_lkup")\ -\ -/* Logical switch egress stages. */ \ -PIPELINE_STAGE(SWITCH, OUT, PRE_ACL, 0, "switch_out_pre_acl") \ -PIPELINE_STAGE(SWITCH, OUT, ACL, 1, "switch_out_acl") \ -PIPELINE_STAGE(SWITCH, OUT, PORT_SEC,2, "switch_out_port_sec") \ -\ -/* Logical router ingress stages. */\ -PIPELINE_STAGE(ROUTER, IN, ADMISSION, 0, "router_in_admission") \ -PIPELINE_STAGE(ROUTER, IN, IP_INPUT,1, "router_in_ip_input") \ -PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 2, "router_in_ip_routing") \ -PIPELINE_STAGE(ROUTER, IN, ARP, 3, "router_in_arp")\ -\ -/* Logical router egress stages. */ \ -PIPELINE_STAGE(ROUTER, OUT, DELIVERY,0, "router_out_delivery") +#define PIPELINE_STAGES \ +/* Logical switch ingress stages. */ \ +PIPELINE_STAGE(SWITCH, IN, PORT_SEC,0, "ls_in_port_sec") \ +PIPELINE_STAGE(SWITCH, IN, PRE_ACL, 1, "ls_in_pre_acl") \ +PIPELINE_STAGE(SWITCH, IN, ACL, 2, "ls_in_acl") \ +PIPELINE_STAGE(SWITCH, IN, L2_LKUP, 3, "ls_in_l2_lkup") \ + \ +/* Logical switch egress stages. */ \ +PIPELINE_STAGE(SWITCH, OUT, PRE_ACL, 0, "ls_out_pre_acl") \ +PIPELINE_STAGE(SWITCH, OUT, ACL, 1, "ls_out_acl") \ +PIPELINE_STAGE(SWITCH, OUT, PORT_SEC,2, "ls_out_port_sec")\ + \ +/* Logical router ingress stages. */ \ +PIPELINE_STAGE(ROUTER, IN, ADMISSION, 0, "lr_in_admission")\ +PIPELINE_STAGE(ROUTER, IN, IP_INPUT,1, "lr_in_ip_input") \ +PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 2, "lr_in_ip_routing") \ +PIPELINE_STAGE(ROUTER, IN, ARP, 3, "lr_in_arp") \ + \ +/* Logical router egress stages. 
*/ \ +PIPELINE_STAGE(ROUTER, OUT, DELIVERY,0, "lr_out_delivery") #define PIPELINE_STAGE(DP_TYPE, PIPELINE, STAGE, TABLE, NAME) \ S_##DP_TYPE##_##PIPELINE##_##STAGE \ diff --git a/ovn/utilities/ovn-sbctl.c b/ovn/utilities/ovn-sbctl.c index 7861fe7..cf3c559 100644 --- a/ovn/utilities/ovn-sbctl.c +++ b/ovn/utilities/ovn-sbctl.c @@ -736,7 +736,7 @@ cmd_lflow_list(struct ctl_context *ctx) } const char *table_name = smap_get(&lflow->external_ids, "stage-name"); -printf(" table=%" PRId64 "(%8s), priority=%5" PRId64 +printf(" table=%" PRId64 "(%16s), priority=%5" PRId64 ", match=(%s), action=(%s)\n", lflow->table_id, table_name ? table_name : "", lflow->priority, lflow->match, lflow->actions); -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
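Review bot: In the ovn-sbctl.c hunk the field width goes from `%8s` to `%16s`, which is exactly the length of the longest new name, "lr_in_ip_routing", so the next stage with a longer name throws the dump out of alignment again. Leave some headroom or derive the width from the stage table. The commit message should also say that the "stage-name" strings read back in cmd_lflow_list() change from switch_in_*/router_in_* to ls_*/lr_*, since anything that matches on the old names in that output will stop matching.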
[ovs-dev] [ICMP v2 7/7] ovn-northd: Support pinging logical router ports.
Signed-off-by: Justin Pettit --- ovn/northd/ovn-northd.8.xml |5 + ovn/northd/ovn-northd.c | 23 --- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 6f0a420..e7dec72 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -340,6 +340,7 @@ ip4.dst = ip4.src; ip4.src = S; ip.ttl = 255; icmp4.type = 0; +inport = \"\"; /* Allow sending out inport. */ next; @@ -348,10 +349,6 @@ next; each individual inport, and use the same actions in which S is a function of inport. - - - Not yet implemented. - diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index 9996584..8fe0c2c 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -1295,8 +1295,6 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, /* This flow table structure is documented in ovn-northd(8), so please * update ovn-northd.8.xml if you change anything. */ -/* XXX ICMP echo reply */ - /* Logical router ingress table 0: Admission control framework. */ struct ovn_datapath *od; HMAP_FOR_EACH (od, key_node, datapaths) { 
@@ -1384,12 +1382,31 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, match, "drop;"); free(match); +/* ICMP echo reply. These flows reply to ICMP echo requests + * received for the router's IP address. */ +match = xasprintf( +"inport == %s && (ip4.dst == "IP_FMT" || ip4.dst == "IP_FMT") && " +"icmp4.type == 8 && icmp4.code == 0", +op->json_key, IP_ARGS(op->ip), IP_ARGS(op->bcast)); +char *actions = xasprintf( +"ip4.dst = ip4.src; " +"ip4.src = "IP_FMT"; " +"ip.ttl = 255; " +"icmp4.type = 0; " +"inport = \"\"; /* Allow sending out inport. */ " +"next; ", +IP_ARGS(op->ip)); +ovn_lflow_add(lflows, op->od, S_ROUTER_IN_IP_INPUT, 90, + match, actions); +free(match); +free(actions); + /* ARP reply. These flows reply to ARP requests for the router's own * IP address. */ match = xasprintf( "inport == %s && arp.tpa == "IP_FMT" && arp.op == 1", op->json_key, IP_ARGS(op->ip)); -char *actions = xasprintf( +actions = xasprintf( "eth.dst = eth.src; " "eth.src = "ETH_ADDR_FMT"; " "arp.op = 2; /* ARP reply */ " -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
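Review bot: The new match in build_lrouter_flows() accepts `ip4.dst == op->bcast` as well as the port's own address, so the logical router answers echo requests sent to the subnet broadcast address, and the reply goes to whatever `ip4.src` the request carried. Hosts commonly ignore broadcast echo requests for that reason; unless there is a use case, match only on `op->ip`, or explain in the commit message why broadcast is included. The ovn-northd.8.xml hunk also repeats the C-escaped `inport = \"\";`, which should be plain quotes in XML, and the diffstat shows no test for the new priority-90 flow.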
[ovs-dev] [ICMP v2 3/7] ovn: Use "ip.ttl--" instead of "ip4.ttl--".
Signed-off-by: Justin Pettit --- ovn/lib/actions.c |4 ++-- ovn/northd/ovn-northd.8.xml | 14 +++--- ovn/northd/ovn-northd.c |2 +- tests/ovn.at|5 +++-- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/ovn/lib/actions.c b/ovn/lib/actions.c index ccf97f0..693b1c1 100644 --- a/ovn/lib/actions.c +++ b/ovn/lib/actions.c @@ -247,9 +247,9 @@ parse_actions(struct action_context *ctx) parse_next_action(ctx); } else if (lexer_match_id(ctx->lexer, "output")) { emit_resubmit(ctx, ctx->output_ptable); -} else if (lexer_match_id(ctx->lexer, "ip4.ttl")) { +} else if (lexer_match_id(ctx->lexer, "ip.ttl")) { if (lexer_match(ctx->lexer, LEX_T_DECREMENT)) { -struct expr *e = expr_parse_string("ip4", ctx->symtab, +struct expr *e = expr_parse_string("ip", ctx->symtab, &ctx->error); ctx->prereqs = expr_combine(EXPR_T_AND, ctx->prereqs, e); ofpact_put_DEC_TTL(ctx->ofpacts); diff --git a/ovn/northd/ovn-northd.8.xml b/ovn/northd/ovn-northd.8.xml index 4bd1990..6f0a420 100644 --- a/ovn/northd/ovn-northd.8.xml +++ b/ovn/northd/ovn-northd.8.xml @@ -338,7 +338,7 @@ ip4.dst = ip4.src; ip4.src = S; -ip4.ttl = 255; +ip.ttl = 255; icmp4.type = 0; next; @@ -460,7 +460,7 @@ output; ICMP time exceeded. For each router port P, whose IP address is A, a priority-40 flow with match inport - == P && ip4.ttl == {0, 1} && + == P && ip.ttl == {0, 1} && !ip.later_frag matches packets whose TTL has expired, with the following actions to send an ICMP time exceeded reply: @@ -471,7 +471,7 @@ icmp4 { icmp4.code = 0; /* TTL exceeded in transit. */ ip4.dst = ip4.src; ip4.src = A; -ip4.ttl = 255; +ip.ttl = 255; next; }; @@ -482,7 +482,7 @@ icmp4 { -TTL discard. A priority-30 flow with match ip4.ttl == {0, +TTL discard. A priority-30 flow with match ip.ttl == {0, 1} and actions drop; drops other packets whose TTL has expired, that should not receive a ICMP error reply (i.e. fragments with nonzero offset). 
@@ -519,13 +519,13 @@ icmp4 { -ip4.ttl--; +ip.ttl--; reg0 = G; next; - (Ingress table 1 already verified that ip4.ttl--; will + (Ingress table 1 already verified that ip.ttl--; will not yield a TTL exceeded error.) @@ -549,7 +549,7 @@ icmp4 { icmp4.code = 0; /* Network unreachable. */ ip4.dst = ip4.src; ip4.src = A; -ip4.ttl = 255; +ip.ttl = 255; next(2); }; diff --git a/ovn/northd/ovn-northd.c b/ovn/northd/ovn-northd.c index b196837..c7d56fe 100644 --- a/ovn/northd/ovn-northd.c +++ b/ovn/northd/ovn-northd.c @@ -1272,7 +1272,7 @@ add_route(struct hmap *lflows, struct ovn_datapath *od, IP_ARGS(network), IP_ARGS(mask)); struct ds actions = DS_EMPTY_INITIALIZER; -ds_put_cstr(&actions, "ip4.ttl--; reg0 = "); +ds_put_cstr(&actions, "ip.ttl--; reg0 = "); if (gateway) { ds_put_format(&actions, IP_FMT, IP_ARGS(gateway)); } else { diff --git a/tests/ovn.at b/tests/ovn.at index 3e58ff3..68fcc9a 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -459,7 +459,8 @@ reg0 <-> reg1; => actions=push:OXM_OF_PKT_REG0[0..31],push:OXM_OF_PKT_REG0[32..6 vlan.pcp <-> reg0[0..2]; => actions=push:OXM_OF_PKT_REG0[32..34],push:NXM_OF_VLAN_TCI[13..15],pop:OXM_OF_PKT_REG0[32..34],pop:NXM_OF_VLAN_TCI[13..15], prereqs=vlan.tci[12] reg0[10] <-> vlan.pcp[1]; => actions=push:NXM_OF_VLAN_TCI[14],push:OXM_OF_PKT_REG0[42],pop:NXM_OF_VLAN_TCI[14],pop:OXM_OF_PKT_REG0[42], prereqs=vlan.tci[12] outport <-> inport; => actions=push:NXM_NX_REG6[],push:NXM_NX_REG7[],pop:NXM_NX_REG6[],pop:NXM_NX_REG7[], prereqs=1 -ip4.ttl--; => actions=dec_ttl, prereqs=ip4 +ip.ttl--; => actions=dec_ttl, prereqs=ip +ip.ttl = 4; => actions=set_field:4->nw_ttl, prereqs=eth.type == 0x800 || eth.type == 0x86dd # Contradictionary prerequisites (allowed but not useful): ip4.src = ip6.src[0..31]; => actions=move:NXM_NX_IPV6_SRC[0..31]->NXM_OF_IP_SRC[], prereqs=eth.type == 0x800 && eth.type == 0x86dd 
@@ -504,7 +505,7 @@ inport <-> reg0; => Can't exchange string field (inport) with integer field (reg inport <-> big_string; => String fields inport and big_string are incompatible for exchange. ip.proto <-> reg0[0..7]; => Field ip.proto is not modifiable. reg0[0..7] <-> ip.proto; => Field ip.proto is not modifiable. -ip4.ttl => Syntax error at end of input expecting `--'. +ip.ttl => Syntax error at end of input expecting `--'. ]]) sed 's/ =>.*//' test-cases.txt > input.txt sed 's/.* => //' test-cases.txt > expout -- 1.7.5.4 _
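Review bot: In parse_actions() the `"ip4.ttl"` branch is replaced outright by `"ip.ttl"`, so `ip4.ttl--;` stops parsing, but tests/ovn.at only swaps the existing cases to the new spelling and never asserts that the old one is now rejected. Add a negative case for `ip4.ttl--;` with its expected error. The commit message is empty; a sentence saying that the prerequisite widens from ip4 to ip, so the decrement also applies to IPv6 as the ovn-sb.xml text in 2/7 describes, would explain the rename.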
[ovs-dev] [ICMP v2 5/7] packets: Add support for modifying ICMP type and code.
Signed-off-by: Justin Pettit --- lib/packets.c | 18 ++ lib/packets.h |1 + 2 files changed, 19 insertions(+), 0 deletions(-) diff --git a/lib/packets.c b/lib/packets.c index 342d8b7..701a5ec 100644 --- a/lib/packets.c +++ b/lib/packets.c @@ -905,6 +905,24 @@ packet_set_sctp_port(struct dp_packet *packet, ovs_be16 src, ovs_be16 dst) put_16aligned_be32(&sh->sctp_csum, old_csum ^ old_correct_csum ^ new_csum); } +/* Sets the ICMP type and code of the ICMP header contained in 'packet'. + * 'packet' must be a valid ICMP packet with its l4 offset properly + * populated. */ +void +packet_set_icmp(struct dp_packet *packet, uint8_t type, uint8_t code) +{ +struct icmp_header *ih = dp_packet_l4(packet); +ovs_be16 orig_tc = htons(ih->icmp_type << 8 | ih->icmp_code); +ovs_be16 new_tc = htons(type << 8 | code); + +if (orig_tc != new_tc) { +ih->icmp_type = type; +ih->icmp_code = code; + +ih->icmp_csum = recalc_csum16(ih->icmp_csum, orig_tc, new_tc); +} +} + void packet_set_nd(struct dp_packet *packet, const ovs_be32 target[4], const struct eth_addr sll, const struct eth_addr tll) { diff --git a/lib/packets.h b/lib/packets.h index 67f635e..de8d4b6 100644 --- a/lib/packets.h +++ b/lib/packets.h @@ -975,6 +975,7 @@ void packet_set_ipv6(struct dp_packet *, uint8_t proto, const ovs_be32 src[4], void packet_set_tcp_port(struct dp_packet *, ovs_be16 src, ovs_be16 dst); void packet_set_udp_port(struct dp_packet *, ovs_be16 src, ovs_be16 dst); void packet_set_sctp_port(struct dp_packet *, ovs_be16 src, ovs_be16 dst); +void packet_set_icmp(struct dp_packet *, uint8_t type, uint8_t code); void packet_set_nd(struct dp_packet *, const ovs_be32 target[4], const struct eth_addr sll, const struct eth_addr tll); -- 1.7.5.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
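Review bot: packet_set_icmp() casts dp_packet_l4() to `struct icmp_header *` and writes icmp_type, icmp_code and icmp_csum without checking that the L4 data is at least that long; the comment only requires "a valid ICMP packet with its l4 offset properly populated". The caller added in 6/7 guards with dp_packet_get_icmp_payload(), so either state that length requirement in the comment or check it here, so a later caller cannot write past a truncated packet. The comment should also mention ICMPv6, since 6/7 calls this function for OVS_KEY_ATTR_ICMPV6 as well.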
[ovs-dev] [PATCH] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
It is very easy to misuse these macros, because when the COMMAND returns exit code "0" it is actually considered as if condition evaluated to "true" and not "false" as some might think. This patch ensures that this is clearly reflected in documentation. Signed-off-by: Ansis Atteka --- tests/ovs-macros.at | 14 ++ 1 file changed, 14 insertions(+) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index 541b042..e9856b6 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at @@ -103,7 +103,21 @@ m4_define([OVS_WAIT], [ovs_wait_cond () { $1 } ovs_wait], [0], [ignore], [ignore], [$2])]) + +dnl OVS_WAIT_UNTIL(COMMAND) +dnl +dnl Exectues shell COMMAND in a loop until it returns +dnl non-zero return code. If COMMAND did not return +dnl non-zero code within reasonable time limit, then +dnl the test fails. m4_define([OVS_WAIT_UNTIL], [OVS_WAIT([$1], [$2])]) + +dnl OVS_WAIT_WHILE(COMMAND) +dnl +dnl Exectues shell COMMAND in a loop until it returns +dnl zero return code. If COMMAND did not return +dnl zero code within reasonable time limit, then +dnl the test fails. m4_define([OVS_WAIT_WHILE], [OVS_WAIT([if $1; then return 1; else return 0; fi], [$2])]) -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
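Review bot: The two new comment blocks describe the opposite of what the definitions under them do. OVS_WAIT_UNTIL passes `$1` to OVS_WAIT unchanged, while OVS_WAIT_WHILE wraps it in `if $1; then return 1; else return 0; fi`, so the second is the inverse of the first; taken with the commit message's own statement that exit code 0 counts as "true", UNTIL loops until COMMAND returns zero and WHILE until it returns non-zero. Swap the "zero" and "non-zero" wording, and fix "Exectues" in both blocks.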
Re: [ovs-dev] [PATCH] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
On Tue, Nov 03, 2015 at 04:04:33PM -0800, Ansis Atteka wrote: > It is very easy to misuse these macros, because when the COMMAND > returns exit code "0" it is actually considered as if condition > evaluated to "true" and not "false" as some might think. > > This patch ensures that this is clearly reflected in documentation. > > Signed-off-by: Ansis Atteka Thanks a lot for improving the documentation! I think that this documentation is reversed. That is, OVS_WAIT_UNTIL waits until the command returns success, that is, an exit code of zero, and OVS_WAIT_WHILE waits until the command returns failure, that is, a nonzero exit code. Also, s/Exectues/Executes/. > --- > tests/ovs-macros.at | 14 ++ > 1 file changed, 14 insertions(+) > > diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at > index 541b042..e9856b6 100644 > --- a/tests/ovs-macros.at > +++ b/tests/ovs-macros.at > @@ -103,7 +103,21 @@ m4_define([OVS_WAIT], > [ovs_wait_cond () { $1 > } > ovs_wait], [0], [ignore], [ignore], [$2])]) > + > +dnl OVS_WAIT_UNTIL(COMMAND) > +dnl > +dnl Exectues shell COMMAND in a loop until it returns > +dnl non-zero return code. If COMMAND did not return > +dnl non-zero code within reasonable time limit, then > +dnl the test fails. > m4_define([OVS_WAIT_UNTIL], [OVS_WAIT([$1], [$2])]) > + > +dnl OVS_WAIT_WHILE(COMMAND) > +dnl > +dnl Exectues shell COMMAND in a loop until it returns > +dnl zero return code. If COMMAND did not return > +dnl zero code within reasonable time limit, then > +dnl the test fails. > m4_define([OVS_WAIT_WHILE], >[OVS_WAIT([if $1; then return 1; else return 0; fi], [$2])]) > > -- > 2.1.4 > > ___ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
Re: [ovs-dev] [PATCH] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
On Tue, Nov 3, 2015 at 4:07 PM, Ben Pfaff wrote: > On Tue, Nov 03, 2015 at 04:04:33PM -0800, Ansis Atteka wrote: >> It is very easy to misuse these macros, because when the COMMAND >> returns exit code "0" it is actually considered as if condition >> evaluated to "true" and not "false" as some might think. >> >> This patch ensures that this is clearly reflected in documentation. >> >> Signed-off-by: Ansis Atteka > > Thanks a lot for improving the documentation! > > I think that this documentation is reversed. That is, OVS_WAIT_UNTIL > waits until the command returns success, that is, an exit code of zero, > and OVS_WAIT_WHILE waits until the command returns failure, that is, a > nonzero exit code. Thanks. Not sure what I was thinking about since the documentation is indeed reversed for both macros. Will send V2. > > Also, s/Exectues/Executes/. ok > >> --- >> tests/ovs-macros.at | 14 ++ >> 1 file changed, 14 insertions(+) >> >> diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at >> index 541b042..e9856b6 100644 >> --- a/tests/ovs-macros.at >> +++ b/tests/ovs-macros.at 
>> @@ -103,7 +103,21 @@ m4_define([OVS_WAIT], >> [ovs_wait_cond () { $1 >> } >> ovs_wait], [0], [ignore], [ignore], [$2])]) >> + >> +dnl OVS_WAIT_UNTIL(COMMAND) >> +dnl >> +dnl Exectues shell COMMAND in a loop until it returns >> +dnl non-zero return code. If COMMAND did not return >> +dnl non-zero code within reasonable time limit, then >> +dnl the test fails. >> m4_define([OVS_WAIT_UNTIL], [OVS_WAIT([$1], [$2])]) >> + >> +dnl OVS_WAIT_WHILE(COMMAND) >> +dnl >> +dnl Exectues shell COMMAND in a loop until it returns >> +dnl zero return code. If COMMAND did not return >> +dnl zero code within reasonable time limit, then >> +dnl the test fails. >> m4_define([OVS_WAIT_WHILE], >>[OVS_WAIT([if $1; then return 1; else return 0; fi], [$2])]) >> >> -- >> 2.1.4 >> >> ___ >> dev mailing list >> dev@openvswitch.org >> http://openvswitch.org/mailman/listinfo/dev ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
[ovs-dev] [PATCHv2] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
It is very easy to misuse these macros, because when the COMMAND returns exit code "0" it is actually considered as if condition evaluated to "true" and not "false" as some might think. This patch ensures that this is clearly reflected in documentation. Signed-off-by: Ansis Atteka --- tests/ovs-macros.at | 14 ++ 1 file changed, 14 insertions(+) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index 541b042..9195f67 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at @@ -103,7 +103,21 @@ m4_define([OVS_WAIT], [ovs_wait_cond () { $1 } ovs_wait], [0], [ignore], [ignore], [$2])]) + +dnl OVS_WAIT_UNTIL(COMMAND) +dnl +dnl Executes shell COMMAND in a loop until it returns +dnl zero return code. If COMMAND did not return +dnl zero code within reasonable time limit, then +dnl the test fails. m4_define([OVS_WAIT_UNTIL], [OVS_WAIT([$1], [$2])]) + +dnl OVS_WAIT_WHILE(COMMAND) +dnl +dnl Executes shell COMMAND in a loop until it returns +dnl non-zero return code. If COMMAND did not return +dnl non-zero code within reasonable time limit, then +dnl the test fails. m4_define([OVS_WAIT_WHILE], [OVS_WAIT([if $1; then return 1; else return 0; fi], [$2])]) -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
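Review bot: Both new headers document the macros as taking a single COMMAND argument, `OVS_WAIT_UNTIL(COMMAND)` and `OVS_WAIT_WHILE(COMMAND)`, but each definition forwards `[$2]` to OVS_WAIT. Document the second argument alongside COMMAND, and replace "reasonable time limit" with the actual limit or a pointer to where ovs_wait sets it, so a test author knows how long a wrong condition will stall the run.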
Re: [ovs-dev] [PATCHv2] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
On Tue, Nov 03, 2015 at 04:19:16PM -0800, Ansis Atteka wrote:
> It is very easy to misuse these macros, because when the COMMAND
> returns exit code "0" it is actually considered as if condition
> evaluated to "true" and not "false" as some might think.
>
> This patch ensures that this is clearly reflected in documentation.
>
> Signed-off-by: Ansis Atteka

Acked-by: Ben Pfaff
Re: [ovs-dev] [PATCHv2] tests: add documentation for OVS_WAIT_UNTIL and OVS_WAIT_WHILE macros
On Tue, Nov 3, 2015 at 4:22 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 04:19:16PM -0800, Ansis Atteka wrote:
>> It is very easy to misuse these macros, because when the COMMAND
>> returns exit code "0" it is actually considered as if condition
>> evaluated to "true" and not "false" as some might think.
>>
>> This patch ensures that this is clearly reflected in documentation.
>>
>> Signed-off-by: Ansis Atteka
>
> Acked-by: Ben Pfaff

Thanks, I pushed it.
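The semantics this thread settled on (OVS_WAIT_UNTIL polls until COMMAND exits zero, OVS_WAIT_WHILE polls until it exits non-zero), as an added shell sketch that is not the OVS testsuite's own ovs_wait code. The names wait_cond, negate, wait_until, wait_while, MAX_TRIES, POLL_INTERVAL and the two sample commands are hypothetical.

```shell
#!/bin/sh
# Added sketch of the polling semantics discussed in this thread.
# All names here are hypothetical; this is not tests/ovs-macros.at.

MAX_TRIES=${MAX_TRIES:-10}          # polls before giving up
POLL_INTERVAL=${POLL_INTERVAL:-1}   # seconds between polls

# wait_cond CMD [ARG...]: poll CMD until it exits 0 (shell "true").
# Returns 0 once CMD succeeds, 1 if it never did within MAX_TRIES polls.
wait_cond() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        if "$@"; then
            return 0
        fi
        tries=$((tries + 1))
        sleep "$POLL_INTERVAL"
    done
    return 1
}

# negate CMD [ARG...]: invert CMD's exit status, the same job as the
# "if $1; then return 1; else return 0; fi" wrapper in OVS_WAIT_WHILE.
negate() {
    if "$@"; then return 1; else return 0; fi
}

# wait_until: done as soon as CMD exits zero.
wait_until() { wait_cond "$@"; }

# wait_while: done as soon as CMD exits non-zero.
wait_while() { wait_cond negate "$@"; }

# Constructed sample commands; CALLS counts how often each one is polled.
CALLS=0
ready_after_3() { CALLS=$((CALLS + 1)); [ "$CALLS" -ge 3 ]; }  # fails twice, then succeeds
busy_for_3()    { CALLS=$((CALLS + 1)); [ "$CALLS" -le 3 ]; }  # succeeds three times, then fails
```

A command whose exit status is the inverse of what the test author meant makes either helper poll until the limit and then fail, which is the misuse the patch description warns about.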
[ovs-dev] [PATCH 03/11] ct-dpif: Add ct_dpif_dump_{start, next, done}().
These functions can be used to dump conntrack entries from a datapath. They simply call a function pointer in the dpif_class. No dpif currently implements the interface. The next commits will provide an implementation in dpif-netlink. Signed-off-by: Daniele Di Proietto --- lib/ct-dpif.c | 61 + lib/ct-dpif.h | 10 + lib/dpif-netdev.c | 3 +++ lib/dpif-netlink.c | 3 +++ lib/dpif-provider.h | 25 ++ 5 files changed, 102 insertions(+) diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index c240522..eb1b2fc 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -20,6 +20,8 @@ #include "ct-dpif.h" +#include "dpif-provider.h" + /* Declarations for conntrack entry formatting. */ struct flags { uint32_t flag; 
@@ -46,6 +48,65 @@ static const struct flags ct_dpif_status_flags[] = { { 0, NULL } /* End marker. */ }; +/* Dumping */ + +/* Start dumping the entries from the connection tracker used by 'dpif'. + * + * 'dump' must be the address of a pointer to a struct ct_dpif_dump_state, + * which should be passed (unaltered) to ct_dpif_dump_{next,done}(). + * + * If 'zone' is not NULL, it should point to an integer identifing a + * conntrack zone to which the dump will be limited. + * + * If there has been a problem the function returns a non-zero value + * that represents the error. Otherwise it returns zero. */ +int +ct_dpif_dump_start(struct dpif *dpif, struct ct_dpif_dump_state **dump, + const uint16_t *zone) +{ +int err; + +err = (dpif->dpif_class->ct_dump_start + ? dpif->dpif_class->ct_dump_start(dpif, dump, zone) + : EOPNOTSUPP); + +if (!err) { +(*dump)->dpif = dpif; +} + +return err; +} + +/* Dump one connection from a tracker, and put it in 'entry'. + * + * 'dump' should have been initialized by ct_dpif_dump_start(). + * + * The function returns 0, if an entry has been dumped succesfully. + * Otherwise it returns a non-zero value which can be: + * - EOF: meaning that there are no more entries to dump. + * - an error value. + * In both cases, the user should call ct_dpif_dump_done(). */ +int +ct_dpif_dump_next(struct ct_dpif_dump_state *dump, struct ct_dpif_entry *entry) +{ +struct dpif *dpif = dump->dpif; + +return (dpif->dpif_class->ct_dump_next +? dpif->dpif_class->ct_dump_next(dpif, dump, entry) +: EOPNOTSUPP); +} + +/* Free resources used by 'dump' */ +int +ct_dpif_dump_done(struct ct_dpif_dump_state *dump) +{ +struct dpif *dpif = dump->dpif; + +return (dpif->dpif_class->ct_dump_done +? dpif->dpif_class->ct_dump_done(dpif, dump) +: EOPNOTSUPP); +} + /* Free memory held by 'entry'. */ void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 5127ec2..03f1c20 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h 
@@ -165,6 +165,16 @@ struct ct_dpif_entry { uint32_t mark; }; +struct dpif; + +struct ct_dpif_dump_state { +struct dpif *dpif; +}; + +int ct_dpif_dump_start(struct dpif *, struct ct_dpif_dump_state **, + const uint16_t *zone); +int ct_dpif_dump_next(struct ct_dpif_dump_state *, struct ct_dpif_entry *); +int ct_dpif_dump_done(struct ct_dpif_dump_state *); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 47fa9e2..0f76249 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -3687,6 +3687,9 @@ const struct dpif_class dpif_netdev_class = { dpif_netdev_enable_upcall, dpif_netdev_disable_upcall, dpif_netdev_get_datapath_version, +NULL, /* ct_dump_start */ +NULL, /* ct_dump_next */ +NULL, /* ct_dump_done */ }; static void diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index c195042..bf81e61 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -2319,6 +2319,9 @@ const struct dpif_class dpif_netlink_class = { NULL, /* enable_upcall */ NULL, /* disable_upcall */ dpif_netlink_get_datapath_version, /* get_datapath_version */ +NULL, /* ct_dump_start */ +NULL, /* ct_dump_next */ +NULL, /* ct_dump_done */ }; static int diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h index 5415897..f00e635 100644 --- a/lib/dpif-provider.h +++ b/lib/dpif-provider.h @@ -73,6 +73,9 @@ dpif_flow_dump_thread_init(struct dpif_flow_dump_thread *thread, thread->dpif = dump->dpif; } +struct ct_dpif_dump_state; +struct ct_dpif_entry; + /* Datapath interface class structure, to be defined by each implementation of * a datapath interface. * @@ -390,6 +393,28 @@ struct dpif_cl
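Review bot: ct_dpif_dump_next() and ct_dpif_dump_done() read `dump->dpif` unconditionally, but ct_dpif_dump_start() only sets `(*dump)->dpif` when the provider returns 0, and with both providers' ct_dump_start left NULL in this patch it returns EOPNOTSUPP without touching `*dump`. The comment on ct_dpif_dump_next() tells the caller to call ct_dpif_dump_done() "in both cases", so state on ct_dpif_dump_start() that `*dump` is undefined after a non-zero return and must not be passed on, or set `*dump = NULL` on failure and check for it. Comment typos: "identifing", "succesfully".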
[ovs-dev] [PATCH 11/11] system-kmod-macros: Do not require the 'conntrack' tool.
We can use 'test-ovs test-netlink-conntrack' instead. Now that it is not required anymore, we can remove the HAVE_CONNTRACK macro in the build system. Signed-off-by: Daniele Di Proietto --- tests/atlocal.in| 7 --- tests/system-kmod-macros.at | 5 ++--- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/tests/atlocal.in b/tests/atlocal.in index b234c52..5815c6c 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -111,13 +111,6 @@ if test "$IS_WIN32" = "yes"; then HAVE_PYTHON="no" fi -# Conntrack test requirements -if test x`which conntrack 2>/dev/null` != x; then -HAVE_CONNTRACK="yes" -else -HAVE_CONNTRACK="no" -fi - if test "$HAVE_PYTHON" = "yes" \ && test "x`$PYTHON $abs_top_srcdir/tests/test-l7.py --help | grep 'ftp'`" != x; then HAVE_PYFTPDLIB="yes" diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index a48e8d9..3b8edbc 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -50,12 +50,11 @@ m4_define([OVS_TRAFFIC_VSWITCHD_STOP], # kernel conntrack tables when the test is finished. # m4_define([CHECK_CONNTRACK], -[AT_SKIP_IF([test $HAVE_CONNTRACK = no]) - AT_SKIP_IF([test $HAVE_PYTHON = no]) +[AT_SKIP_IF([test $HAVE_PYTHON = no]) m4_foreach([mod], [[nf_conntrack_ipv4], [nf_conntrack_ipv6]], [modprobe mod || echo "Module mod not loaded." on_exit 'modprobe -r mod' ]) - on_exit 'conntrack -F' + on_exit 'ovstest test-netlink-conntrack flush' ] ) -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
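Review bot: The commit message names the replacement as 'test-ovs test-netlink-conntrack', but the CHECK_CONNTRACK hunk runs `ovstest test-netlink-conntrack flush`; make the message match the command that is actually invoked. The comment above CHECK_CONNTRACK could also say that the on_exit flush clears the kernel conntrack table for the whole host, as `conntrack -F` did, since the 07/11 commit message points out that the kernel tracker is shared with the rest of the system.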
[ovs-dev] [PATCH 07/11] dpif-netlink: Implement ct_flush.
This member function is used by the ct-dpif module to provide its services. It's implemented using the netlink-conntrack module. N.B. The Linux kernel datapaths share the connection tracker among them and with the rest of the system. Therefore the operations are not really dpif specific. Signed-off-by: Daniele Di Proietto --- lib/dpif-netlink.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index 189506c..99457b9 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -2331,6 +2331,16 @@ dpif_netlink_ct_dump_done(struct dpif *dpif OVS_UNUSED, return err; } +static int +dpif_netlink_ct_flush(struct dpif *dpif OVS_UNUSED, const uint16_t *zone) +{ +if (zone) { +return nl_ct_flush_zone(*zone); +} else { +return nl_ct_flush(); +} +} + const struct dpif_class dpif_netlink_class = { "system", NULL, /* init */ @@ -2374,7 +2384,7 @@ const struct dpif_class dpif_netlink_class = { dpif_netlink_ct_dump_start, dpif_netlink_ct_dump_next, dpif_netlink_ct_dump_done, -NULL, /* ct_flush */ +dpif_netlink_ct_flush, }; static int -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
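Review bot: dpif_netlink_ct_flush() marks `dpif` OVS_UNUSED and, when `zone` is NULL, calls nl_ct_flush(), so a flush issued through any "system" datapath clears conntrack state for the whole host, including connections that never touched OVS. The commit message says as much ("not really dpif specific"), but that note will not be seen by someone reading the code; put it in a comment on the function so that whoever exposes this through a user command documents the scope and recommends passing a zone.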
[ovs-dev] [PATCH 00/11] Conntrack debugging appctl/dpctl
The goal of this series is to introduce two dpctl commands to interact with the Linux kernel connection tracker. The same infrastructure will be used by the userspace connection tracker.

First, it defines some structures and some formatting routines (ct-dpif). Then, it adds some code to transform the netlink conntrack format into the OVS specific structure (netlink-conntrack).

Some function pointers are added into dpif-provider to implement conntrack flushing and dumping. dpif-netlink implements the new dpif-provider interface using netlink-conntrack. New functions are added in ct-dpif to implement dumping and flushing.

The dpctl commands are finally added to the dpctl module, and they're used by the system testsuite.

Finally, a test module (test-netlink-conntrack) is added to allow the use of the netlink-conntrack API without a datapath.

Daniele Di Proietto (11):
  ct-dpif: New module.
  netlink-conntrack: New module.
  ct-dpif: Add ct_dpif_dump_{start,next,done}().
  ct-dpif: Add ct_dpif_flush().
  dpif-netlink: Implement ct_dump_{start,next,done}.
  dpctl: Add 'conntrack-dump' command.
  dpif-netlink: Implement ct_flush.
  dpctl: Add new 'flush-conntrack' command.
  ovs-test: Add test-netlink-conntrack command.
  system-traffic: use `dpctl/*conntrack` instead of `conntrack` tool.
  system-kmod-macros: Do not require the 'conntrack' tool.

 lib/automake.mk                |   4 +
 lib/ct-dpif.c                  | 415 +
 lib/ct-dpif.h                  | 185 ++
 lib/dpctl.c                    |  75
 lib/dpctl.man                  |  30 ++
 lib/dpif-netdev.c              |   4 +
 lib/dpif-netlink.c             |  66
 lib/dpif-provider.h            |  29 ++
 lib/netlink-conntrack.c        | 821 +
 lib/netlink-conntrack.h        |  61 +++
 tests/atlocal.in               |   7 -
 tests/automake.mk              |   5 +
 tests/system-common-macros.at  |  10 +-
 tests/system-kmod-macros.at    |   5 +-
 tests/system-traffic.at        | 110 +++---
 tests/test-netlink-conntrack.c | 175 +
 16 files changed, 1931 insertions(+), 71 deletions(-)
 create mode 100644 lib/ct-dpif.c
 create mode 100644 lib/ct-dpif.h
 create mode 100644 lib/netlink-conntrack.c
 create mode 100644 lib/netlink-conntrack.h
 create mode 100644 tests/test-netlink-conntrack.c

--
2.1.4
[ovs-dev] [PATCH 08/11] dpctl: Add new 'flush-conntrack' command.
Signed-off-by: Daniele Di Proietto --- lib/dpctl.c | 30 ++ lib/dpctl.man | 6 ++ 2 files changed, 36 insertions(+) diff --git a/lib/dpctl.c b/lib/dpctl.c index aadfd68..a87e71e 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -1285,6 +1285,35 @@ dpctl_dump_conntrack(int argc, const char *argv[], return error; } +static int +dpctl_flush_conntrack(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ +struct dpif *dpif; +uint16_t zone, *pzone = NULL; +char *name; +int error; + +if (argc > 1 && ovs_scan(argv[argc - 1], "zone=%"SCNu16, &zone)) { +pzone = &zone; +argc--; +} +name = (argc == 2) ? xstrdup(argv[1]) : get_one_dp(dpctl_p); +if (!name) { +return EINVAL; +} +error = parsed_dpif_open(name, false, &dpif); +free(name); +if (error) { +dpctl_error(dpctl_p, error, "opening datapath"); +return error; +} + +error = ct_dpif_flush(dpif, pzone); + +dpif_close(dpif); +return error; +} /* Undocumented commands for unit testing. */ @@ -1564,6 +1593,7 @@ static const struct dpctl_command all_commands[] = { { "del-flow", "del-flow [dp] flow", 1, 2, dpctl_del_flow }, { "del-flows", "[dp]", 0, 1, dpctl_del_flows }, { "dump-conntrack", "[dp]", 0, 2, dpctl_dump_conntrack }, +{ "flush-conntrack", "[dp]", 0, 2, dpctl_flush_conntrack }, { "help", "", 0, INT_MAX, dpctl_help }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 54c3e8e..70df690 100644 --- a/lib/dpctl.man +++ b/lib/dpctl.man 
@@ -173,3 +173,9 @@ Prints to the console all the connection entries in the tracker used by in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details are included. With \fB\-\-statistics\fR timeouts and timestamps are added to the output. +. +.TP +\*(DX\fBflush\-conntrack [\fIdp\fR] [\fBzone=\fIzone\fR] +Flushes all the connection entries in the tracker used by \fIdp\fR. +If \fBzone=\fIzone\fR is specified, only flushes the connections in +\fBzone\fR. -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
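Review bot: in dpctl_flush_conntrack(), when a datapath name is given and the last argument does not parse as zone=N (a typo such as zone=abc), ovs_scan() fails, argc stays 3, the argc == 2 test is false, 'name' comes from get_one_dp() and 'pzone' stays NULL, so the command flushes every zone instead of rejecting the argument. Fail with EINVAL when argc is still greater than 2 after the zone parse, or when the last argument starts with "zone=" but does not scan. A failure from ct_dpif_flush(dpif, pzone) is also returned without a dpctl_error() call, unlike the parsed_dpif_open() failure above it, so the user gets a non-zero status with no message. In the all_commands hunk the usage string is "[dp]" although two arguments are accepted; "[dp] [zone=N]" would match the dpctl.man text.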
[ovs-dev] [PATCH 09/11] ovs-test: Add test-netlink-conntrack command.
Add a new test module to help debug Linux kernel conntrack development using the netlink-conntrack module. The tool has three uses:
* `ovstest test-netlink-conntrack dump [zone=zone]` shows a list of the connection table
* `ovstest test-netlink-conntrack monitor` displays the updates on the connection table, until killed with Ctrl-C
* `ovstest test-netlink-conntrack flush [zone=zone]` empties connection (and therefore expectations table).
Signed-off-by: Daniele Di Proietto --- tests/automake.mk | 5 ++ tests/test-netlink-conntrack.c | 175 + 2 files changed, 180 insertions(+) create mode 100644 tests/test-netlink-conntrack.c diff --git a/tests/automake.mk b/tests/automake.mk index 5267be1..bcbd1ed 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -323,6 +323,11 @@ tests_ovstest_SOURCES += \ tests/test-unix-socket.c endif +if LINUX +tests_ovstest_SOURCES += \ + tests/test-netlink-conntrack.c +endif + tests_ovstest_LDADD = lib/libopenvswitch.la ovn/lib/libovn.la dist_check_SCRIPTS = tests/flowgen.pl diff --git a/tests/test-netlink-conntrack.c b/tests/test-netlink-conntrack.c new file mode 100644 index 000..c1240ab --- /dev/null +++ b/tests/test-netlink-conntrack.c 
@@ -0,0 +1,175 @@ +/* + * Copyright (c) 2015 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "ct-dpif.h" +#include "netlink-conntrack.h" +#include "netlink-notifier.h" +#include "ovstest.h" +#include "poll-loop.h" + +/* Monitor command */ +struct test_change { +enum nl_ct_event_type type; +struct ct_dpif_entry entry; +}; + +static bool +event_parse(struct ofpbuf *buf, void *change_) +{ +struct test_change *change = change_; + +return nl_ct_parse_entry(buf, &change->entry, &change->type); +} + +static void +event_print(const void *change_, void *aux OVS_UNUSED) +{ +const struct test_change *change = change_; + +if (change) { +struct ds ds = DS_EMPTY_INITIALIZER; + +nl_ct_format_event_entry(&change->entry, change->type, &ds, true, + true); +printf("%s\n", ds_cstr(&ds)); +ds_destroy(&ds); +} +} + +static void +test_nl_ct_monitor(struct ovs_cmdl_context *ctx OVS_UNUSED) +{ +int groups [] = { +NFNLGRP_CONNTRACK_DESTROY, +NFNLGRP_CONNTRACK_NEW, +NFNLGRP_CONNTRACK_UPDATE, +}; + +struct nln *nlns[ARRAY_SIZE(groups)]; +struct nln_notifier *notifiers[ARRAY_SIZE(groups)]; + +struct test_change change; + +unsigned i; + +for (i = 0; i < ARRAY_SIZE(groups); i++) { +nlns[i] = nln_create(NETLINK_NETFILTER, groups[i], event_parse, + &change); + +notifiers[i] = nln_notifier_create(nlns[i], event_print, NULL); +} + +for (;;) { +for (i = 0; i < ARRAY_SIZE(groups); i++) { +nln_run(nlns[i]); +nln_wait(nlns[i]); +} +poll_block(); +} + 
+for (i = 0; i < ARRAY_SIZE(groups); i++) { +nln_notifier_destroy(notifiers[i]); +nln_destroy(nlns[i]); +} +} + +/* Dump command */ +static void +test_nl_ct_dump(struct ovs_cmdl_context *ctx) +{ +struct nl_ct_dump_state *dump; +uint16_t zone, *pzone = NULL; +struct ct_dpif_entry entry; +int err; + +if (ctx->argc >= 2) { +if (!ovs_scan(ctx->argv[1], "zone=%"SCNu16, &zone)) { +ovs_fatal(0, "Error parsing zone= specifier"); +} +pzone = &zone; +} +err = nl_ct_dump_start(&dump, pzone); +if (err) { +ovs_fatal(err, "Error creating conntrack netlink dump"); +} + +do { +err = nl_ct_dump_next(dump, &entry); +if (!err) { +struct ds ds = DS_EMPTY_INITIALIZER; + +ct_dpif_format_entry(&entry, &ds, true, true); +printf("%s\n", ds_cstr(&ds)); +ds_destroy(&ds); +} +} while (!err); + +if (err != EOF) { +ovs_fatal(err, "Error dumping conntrack netlink entry"); +} +nl_ct_dump_done(dump); +} + +/* Flush command */ +static void +test_nl_ct_flush(struct ovs_cmdl_context *ctx OVS_UNUSED) +{ +int err; + +if (ctx->argc >= 2) { +uint16_t zone; + +if (ovs_scan(ctx->argv[1], "zone=%"SCNu16, &zone)) { +err = nl_ct_flush_zone(zone); +} else { +ovs_fatal(0, "Error parsing zone= specifier"); +} +} els
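Review bot: in test_nl_ct_dump(), each entry returned by nl_ct_dump_next() is formatted and then dropped without a call to ct_dpif_entry_uninit(&entry), which the dump-conntrack loop in dpctl.c from this series does call, so anything that function would free (entry->helper.name) leaks on every iteration. Call it after ds_destroy(&ds). test_nl_ct_flush() marks 'ctx' as OVS_UNUSED yet reads ctx->argc and ctx->argv[1]; drop the annotation. In test_nl_ct_monitor() the for (;;) loop has no exit, so the nln_notifier_destroy() and nln_destroy() loop after it is unreachable; remove it or give the loop an exit condition.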
[ovs-dev] [PATCH 10/11] system-traffic: use `dpctl/*conntrack` instead of `conntrack` tool.
Often in the tests we inspect the conntrack tables with the 'conntrack' command line utility. Since this may not always be available, and since these tests are supposed to run with the upcoming userspace connection tracker, it is better to use the newly implemented dpctl command. Due to the tcp state mapping done in tcp_state_coalesce(), SYN_RECV is replaced by ESTABLISHED in four places in the testsuite. The rest of the changes are just done to match the formatting style. Signed-off-by: Daniele Di Proietto --- tests/system-common-macros.at | 10 ++-- tests/system-traffic.at | 110 +- 2 files changed, 59 insertions(+), 61 deletions(-) diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index f0da589..c732d28 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at @@ -119,15 +119,13 @@ m4_define([ADD_NATIVE_TUNNEL], # m4_define([FORMAT_PING], [grep "transmitted" | sed 's/time.*ms$/time 0ms/']) -# FORMAT_CT() +# FORMAT_CT([ip-addr]) # -# Strip content from the piped input which would differ from test to test. +# Strip content from the piped input which would differ from test to test +# and limit the output to the rows containing 'ip-addr'. # m4_define([FORMAT_CT], -[[grep "dst=$1" | sed -e 's/port=[0-9]*/port=/g' -e 's/ */ /g' \ - -e 's/secctx[^ ]* //' \ - -e 's/id=[0-9]*/id=/g' \ -| cut -d' ' -f4- | sort | uniq]]) +[[grep "dst=$1" | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | sort | uniq]]) # NETNS_DAEMONIZE([namespace], [command], [pidfile]) # diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 3b2de83..e179d0b 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at 
@@ -213,8 +213,8 @@ dnl HTTP requests from ns0->ns1 should work fine. NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid]) NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) -AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl -TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 dst=10.1.1.1 sport= dport= [[ASSURED]] mark=0 use=1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport= dport=) reply=(src=10.1.1.2 dst=10.1.1.1 sport= dport=) protoinfo=(state=TIME_WAIT) ]) dnl HTTP requests from ns1->ns0 should fail due to network failure. @@ -421,8 +421,8 @@ dnl HTTP requests from p0->p1 should work fine. NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid]) NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) -AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl -TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 dst=10.1.1.1 sport= dport= [[ASSURED]] mark=0 zone=1 use=1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport= dport=) reply=(src=10.1.1.2 dst=10.1.1.1 sport= dport=) zone=1 protoinfo=(state=TIME_WAIT) ]) dnl HTTP requests from p2->p3 should fail due to network failure. @@ -430,8 +430,8 @@ dnl Try 3 times, in 1 second intervals. NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid]) NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4]) -AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl -SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport= dport= src=10.1.1.4 dst=10.1.1.3 sport= dport= mark=0 zone=2 use=1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl +tcp orig=(src=10.1.1.3 dst=10.1.1.4 sport= dport=) reply=(src=10.1.1.4 dst=10.1.1.3 sport= dport=) zone=2 protoinfo=(state=ESTABLISHED) ]) OVS_TRAFFIC_VSWITCHD_STOP 
@@ -468,8 +468,8 @@ dnl HTTP requests from p0->p1 should work fine. NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid]) NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) -AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl -TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 dst=10.1.1.1 sport= dport= [[ASSURED]] mark=0 zone=4097 use=1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport= dport=) reply=(src=10.1.1.2 dst=10.1.1.1 sport= dport=) zone=4097 protoinfo=(state=TIME_WAIT) ]) dnl HTTP requests from p2->p3 should fail due to network failure. @@ -477,8 +477,8 @@ dnl Try 3 times, in 1 second intervals. NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid]) NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4]) -AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl -SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport= dport= src=10.1.1.4 dst=10.1.1.3 sport= dport= mark=0 zone=4098 use=1 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FO
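Review bot: in the FORMAT_CT hunk of tests/system-common-macros.at, grep "dst=$1" is an unanchored regex in which the dots of the address match any character, so FORMAT_CT(10.1.1.2) also keeps rows whose destination is 10.1.1.20 or 10.1.1.200. Use a fixed-string match that includes the delimiter after the address, for example grep -F "dst=$1 ", and reword the new comment, which says rows "containing 'ip-addr'" although the filter is on dst=. In tests/system-traffic.at the connections for which wget is expected to fail (exit status 4) are now checked as state=ESTABLISHED; a dnl comment next to those expectations pointing at tcp_state_coalesce() would stop a reader from taking that state as evidence that the connection succeeded.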
[ovs-dev] [PATCH 05/11] dpif-netlink: Implement ct_dump_{start, next, done}.
These member functions are used by the ct-dpif module to provide its services. They're implemented using the netlink-conntrack module. N.B. The Linux kernel datapaths share the connection tracker among them and with the rest of the system. Therefore the operations are not really dpif specific. Signed-off-by: Daniele Di Proietto --- lib/dpif-netlink.c | 58 +++--- 1 file changed, 55 insertions(+), 3 deletions(-) diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index fa995c1..189506c 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -40,6 +40,7 @@ #include "netdev.h" #include "netdev-linux.h" #include "netdev-vport.h" +#include "netlink-conntrack.h" #include "netlink-notifier.h" #include "netlink-socket.h" #include "netlink.h" @@ -2279,6 +2280,57 @@ dpif_netlink_get_datapath_version(void) return version_str; } +struct dpif_netlink_ct_dump_state { +struct ct_dpif_dump_state up; +struct nl_ct_dump_state *nl_ct_dump; +}; + +static int +dpif_netlink_ct_dump_start(struct dpif *dpif OVS_UNUSED, + struct ct_dpif_dump_state **dump_, + const uint16_t *zone) +{ +struct dpif_netlink_ct_dump_state *dump; +int err; + +dump = xzalloc(sizeof *dump); +err = nl_ct_dump_start(&dump->nl_ct_dump, zone); +if (err) { +free(dump); +return err; +} + +*dump_ = &dump->up; + +return 0; +} + +static int +dpif_netlink_ct_dump_next(struct dpif *dpif OVS_UNUSED, + struct ct_dpif_dump_state *dump_, + struct ct_dpif_entry *entry) +{ +struct dpif_netlink_ct_dump_state *dump; + +INIT_CONTAINER(dump, dump_, up); + +return nl_ct_dump_next(dump->nl_ct_dump, entry); +} + +static int +dpif_netlink_ct_dump_done(struct dpif *dpif OVS_UNUSED, + struct ct_dpif_dump_state *dump_) +{ +struct dpif_netlink_ct_dump_state *dump; +int err; + +INIT_CONTAINER(dump, dump_, up); + +err = nl_ct_dump_done(dump->nl_ct_dump); +free(dump); +return err; +} + const struct dpif_class dpif_netlink_class = { "system", NULL, /* init */ 
@@ -2319,9 +2371,9 @@ const struct dpif_class dpif_netlink_class = { NULL, /* enable_upcall */ NULL, /* disable_upcall */ dpif_netlink_get_datapath_version, /* get_datapath_version */ -NULL, /* ct_dump_start */ -NULL, /* ct_dump_next */ -NULL, /* ct_dump_done */ +dpif_netlink_ct_dump_start, +dpif_netlink_ct_dump_next, +dpif_netlink_ct_dump_done, NULL, /* ct_flush */ }; -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
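Review bot: dpif_netlink_ct_dump_start() leaves *dump_ untouched when nl_ct_dump_start() fails, so a caller that does not check the return value goes on to hand an uninitialized pointer to dpif_netlink_ct_dump_next() and dpif_netlink_ct_dump_done(), where INIT_CONTAINER() and dump->nl_ct_dump dereference it. Set *dump_ = NULL on the error path and state in the provider interface comment that the state is valid only when 0 is returned. The three new dpif_netlink_class entries also drop the /* ct_dump_start */, /* ct_dump_next */ and /* ct_dump_done */ slot comments that the replaced NULL lines carried; keeping them makes the positional initializer easier to check.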
[ovs-dev] [PATCH 01/11] ct-dpif: New module.
This defines some structures (and their related formatting functions) to manipulate entries in connection tracking tables. It will be used by next commits. Based on original work by Jarno Rajahalme Signed-off-by: Jarno Rajahalme Signed-off-by: Daniele Di Proietto --- lib/automake.mk | 2 + lib/ct-dpif.c | 343 lib/ct-dpif.h | 174 3 files changed, 519 insertions(+) create mode 100644 lib/ct-dpif.c create mode 100644 lib/ct-dpif.h diff --git a/lib/automake.mk b/lib/automake.mk index d8c00da..1986a31 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -51,6 +51,8 @@ lib_libopenvswitch_la_SOURCES = \ lib/crc32c.h \ lib/csum.c \ lib/csum.h \ + lib/ct-dpif.c \ + lib/ct-dpif.h \ lib/daemon.c \ lib/daemon.h \ lib/daemon-private.h \ diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c new file mode 100644 index 000..c240522 --- /dev/null +++ b/lib/ct-dpif.c 
@@ -0,0 +1,343 @@ +/* + * Copyright (c) 2015 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include + +#include "ct-dpif.h" + +/* Declarations for conntrack entry formatting. */ +struct flags { +uint32_t flag; +const char *name; +}; + +static void ct_dpif_format_ipproto(struct ds *, uint16_t ipproto); +static void ct_dpif_format_counters(struct ds *, +const struct ct_dpif_counters *); +static void ct_dpif_format_timestamp(struct ds *, + const struct ct_dpif_timestamp *); +static void ct_dpif_format_flags(struct ds *, const char *title, + uint32_t flags, const struct flags *); +static void ct_dpif_format_protoinfo(struct ds *, const char *title, + const struct ct_dpif_protoinfo *, + bool verbose); +static void ct_dpif_format_helper(struct ds *, const char *title, + const struct ct_dpif_helper *); + +static const struct flags ct_dpif_status_flags[] = { +#define CT_DPIF_STATUS_FLAG(FLAG) { CT_DPIF_STATUS_##FLAG, #FLAG }, +CT_DPIF_STATUS_FLAGS +#undef CT_DPIF_STATUS_FLAG +{ 0, NULL } /* End marker. */ +}; + +/* Free memory held by 'entry'. */ +void +ct_dpif_entry_uninit(struct ct_dpif_entry *entry) +{ +if (entry) { +if (entry->helper.name) { +free(entry->helper.name); +} +} +} + +/* Conntrack entry formatting. */ + +/* Format conntrack 'entry' of 'type' to 'ds'. 
*/ +void +ct_dpif_format_entry(const struct ct_dpif_entry *entry, struct ds *ds, + bool verbose, bool print_stats) +{ +ct_dpif_format_ipproto(ds, entry->tuple_orig.ip_proto); + +ds_put_cstr(ds, " orig=("); +ct_dpif_format_tuple(ds, &entry->tuple_orig, verbose); +if (print_stats) { +ct_dpif_format_counters(ds, &entry->counters_orig); +} +ds_put_cstr(ds, ")"); + +ds_put_cstr(ds, " reply=("); +ct_dpif_format_tuple(ds, &entry->tuple_reply, verbose); +if (print_stats) { +ct_dpif_format_counters(ds, &entry->counters_reply); +} +ds_put_cstr(ds, ")"); + +if (print_stats) { +ct_dpif_format_timestamp(ds, &entry->timestamp); +} +if (verbose) { +ds_put_format(ds, " id=%"PRIu32, entry->id); +} +if (entry->zone) { +ds_put_format(ds, " zone=%"PRIu16, entry->zone); +} +if (verbose) { +ct_dpif_format_flags(ds, " status=", entry->status, + ct_dpif_status_flags); +} +if (print_stats) { +ds_put_format(ds, " timeout=%"PRIu32, entry->timeout); +} +if (entry->mark) { +ds_put_format(ds, " mark=%"PRIu32, entry->mark); +} +if (!ovs_u128_is_zero(&entry->labels)) { +ovs_be128 value; + +ds_put_cstr(ds, " labels="); +hton128(&entry->labels, &value); +ds_put_hex(ds, &value, sizeof value); +} +ct_dpif_format_protoinfo(ds, " protoinfo=", &entry->protoinfo, verbose); +ct_dpif_format_helper(ds, " helper=", &entry->helper); +if (verbose && entry->tuple_master.l3_type != 0) { +ds_put_cstr(ds, " master=("); +ct_dpif_format_tuple(ds, &entry->tuple_master, verbose); +ds_put_cstr(ds, ")"); +} +} + +/* Formatters for the parts of the conntrack entries. */ + +static void +ct_dpif_format_ipproto(struct ds *ds,
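Review bot: ct_dpif_entry_uninit() in lib/ct-dpif.c frees entry->helper.name but leaves the pointer set, so calling it twice on the same entry, or on a struct that is reused across dump iterations without the field being rewritten, is a double free. Set entry->helper.name = NULL after the free(); the if (entry->helper.name) test can then go, since free(NULL) is a no-op. The comment above ct_dpif_format_entry() speaks of an 'entry' of 'type', but the function takes no 'type' parameter; it should describe 'verbose' and 'print_stats' instead.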
[ovs-dev] [PATCH 06/11] dpctl: Add 'conntrack-dump' command.
It can be used to inspect the connection tracking entries in the datapath. Signed-off-by: Daniele Di Proietto --- lib/dpctl.c | 45 + lib/dpctl.man | 24 2 files changed, 69 insertions(+) diff --git a/lib/dpctl.c b/lib/dpctl.c index 48bf6bc..aadfd68 100644 --- a/lib/dpctl.c +++ b/lib/dpctl.c @@ -28,6 +28,7 @@ #include "command-line.h" #include "compiler.h" +#include "ct-dpif.h" #include "dirs.h" #include "dpctl.h" #include "dpif.h" @@ -1241,6 +1242,49 @@ dpctl_list_commands(int argc OVS_UNUSED, const char *argv[] OVS_UNUSED, return 0; } + +static int +dpctl_dump_conntrack(int argc, const char *argv[], + struct dpctl_params *dpctl_p) +{ +struct ct_dpif_dump_state *dump; +struct ct_dpif_entry cte; +uint16_t zone, *pzone = NULL; +struct dpif *dpif; +char *name; +int error; + +if (argc > 1 && ovs_scan(argv[argc - 1], "zone=%"SCNu16, &zone)) { +pzone = &zone; +argc--; +} +name = (argc == 2) ? xstrdup(argv[1]) : get_one_dp(dpctl_p); +if (!name) { +return EINVAL; +} +error = parsed_dpif_open(name, false, &dpif); +free(name); +if (error) { +dpctl_error(dpctl_p, error, "opening datapath"); +return error; +} + +ct_dpif_dump_start(dpif, &dump, pzone); +while (!ct_dpif_dump_next(dump, &cte)) { +struct ds s = DS_EMPTY_INITIALIZER; + +ct_dpif_format_entry(&cte, &s, dpctl_p->verbosity, + dpctl_p->print_statistics); +ct_dpif_entry_uninit(&cte); + +dpctl_print(dpctl_p, "%s\n", ds_cstr(&s)); +ds_destroy(&s); +} +ct_dpif_dump_done(dump); +dpif_close(dpif); +return error; +} + /* Undocumented commands for unit testing. */ @@ -1519,6 +1563,7 @@ static const struct dpctl_command all_commands[] = { { "get-flow", "get-flow [dp] ufid", 1, 2, dpctl_get_flow }, { "del-flow", "del-flow [dp] flow", 1, 2, dpctl_del_flow }, { "del-flows", "[dp]", 0, 1, dpctl_del_flows }, +{ "dump-conntrack", "[dp]", 0, 2, dpctl_dump_conntrack }, { "help", "", 0, INT_MAX, dpctl_help }, { "list-commands", "", 0, INT_MAX, dpctl_list_commands }, diff --git a/lib/dpctl.man b/lib/dpctl.man index 8b0fcfe..54c3e8e 100644 
--- a/lib/dpctl.man +++ b/lib/dpctl.man @@ -149,3 +149,27 @@ Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR. . .IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]" Deletes all flow entries from datapath \fIdp\fR's flow table. +.SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS" +The following commands are primarily useful for debugging the connection +tracking entries in the datapath. +. +.PP +The \fIdp\fR argument to each of these commands is optional when +exactly one datapath exists, in which case that datapath is the +default. When multiple datapaths exist, then a datapath name is +required. +. +.PP +\fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux +kernel module Open vSwitch datapaths) share a single connection tracking +table (which is also used by other kernel subsystems, such as iptables, +nftables and the regular host stack). Therefore, the following commands +do not apply specifically to one datapath. +. +.TP +.DO "[\fB\-m\fR | \fB\-\-more\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]" +Prints to the console all the connection entries in the tracker used by +\fIdp\fR. If \fBzone=\fIzone\fR is specified, only shows the connections +in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details +are included. With \fB\-\-statistics\fR timeouts and timestamps are +added to the output. -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
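Review bot: dpctl_dump_conntrack() ignores the return value of ct_dpif_dump_start(dpif, &dump, pzone), so when the start fails (for example on a datapath class whose ct_dump_start is NULL) 'dump' is still uninitialized when it is passed to ct_dpif_dump_next() and ct_dpif_dump_done(), and the function returns the stale 0 left in 'error'. Assign the result to 'error', report it with dpctl_error(), and go straight to dpif_close() on failure. When a datapath name is followed by a last argument that fails the zone= scan, argc stays 3 and 'name' falls back to get_one_dp() with an unfiltered dump; that case should be rejected with EINVAL. The all_commands usage string "[dp]" should mention zone=, and the subject names the command 'conntrack-dump' while the table and dpctl.man register dump-conntrack.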
[ovs-dev] [PATCH 04/11] ct-dpif: Add ct_dpif_flush().
This function will flush the connection tracking tables of a specific datapath. It simply calls a function pointer in the dpif_class. No dpif currently implements the required interface. The next commits will provide an implementation in dpif-netlink. Signed-off-by: Daniele Di Proietto --- lib/ct-dpif.c | 11 +++ lib/ct-dpif.h | 1 + lib/dpif-netdev.c | 1 + lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 4 5 files changed, 18 insertions(+) diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index eb1b2fc..5f39513 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -107,6 +107,17 @@ ct_dpif_dump_done(struct ct_dpif_dump_state *dump) : EOPNOTSUPP); } +/* Flush the entries in the connection tracker used by 'dpif'. + * + * If 'zone' is not NULL, flush only the entries in '*zone'. */ +int +ct_dpif_flush(struct dpif *dpif, const uint16_t *zone) +{ +return (dpif->dpif_class->ct_flush +? dpif->dpif_class->ct_flush(dpif, zone) +: EOPNOTSUPP); +} + /* Free memory held by 'entry'. */ void ct_dpif_entry_uninit(struct ct_dpif_entry *entry) diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index 03f1c20..454be41 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -175,6 +175,7 @@ int ct_dpif_dump_start(struct dpif *, struct ct_dpif_dump_state **, const uint16_t *zone); int ct_dpif_dump_next(struct ct_dpif_dump_state *, struct ct_dpif_entry *); int ct_dpif_dump_done(struct ct_dpif_dump_state *); +int ct_dpif_flush(struct dpif *, const uint16_t *zone); void ct_dpif_entry_uninit(struct ct_dpif_entry *); void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *, bool verbose, bool print_stats); diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 0f76249..3440755 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -3690,6 +3690,7 @@ const struct dpif_class dpif_netdev_class = { NULL, /* ct_dump_start */ NULL, /* ct_dump_next */ NULL, /* ct_dump_done */ +NULL, /* ct_flush */ }; static void diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index bf81e61..fa995c1 100644 
--- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -2322,6 +2322,7 @@ const struct dpif_class dpif_netlink_class = { NULL, /* ct_dump_start */ NULL, /* ct_dump_next */ NULL, /* ct_dump_done */ +NULL, /* ct_flush */ }; static int diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h index f00e635..a9844be 100644 --- a/lib/dpif-provider.h +++ b/lib/dpif-provider.h @@ -415,6 +415,10 @@ struct dpif_class { int (*ct_dump_next)(struct dpif *, struct ct_dpif_dump_state *, struct ct_dpif_entry *entry); int (*ct_dump_done)(struct dpif *, struct ct_dpif_dump_state *state); + +/* Flushes the connection tracking tables. If 'zone' is not NULL, + * only deletes connections in '*zone'. */ +int (*ct_flush)(struct dpif *, const uint16_t *zone); }; extern const struct dpif_class dpif_netlink_class; -- 2.1.4 ___ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
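Review bot: the comments added for ct_dpif_flush() in lib/ct-dpif.c and for the ct_flush member in lib/dpif-provider.h do not state the return convention. Say that the call returns 0 on success or a positive errno value, and that a provider may leave ct_flush NULL, in which case ct_dpif_flush() returns EOPNOTSUPP, which is what both dpif-netdev and dpif-netlink do after this patch.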
[ovs-dev] [PATCH 02/11] netlink-conntrack: New module.
This module uses the netlink interface provided by the Linux kernel connection tracker to provide some visibility into the conntrack tables. The module provides functions to:
* Convert a netlink representation of a connection into a struct 'ct_dpif_entry'.
* Dump all the connections.
* Flush all the connections.
* Listen for updates by registering a netlink notifier.
It will be used by dpif-netlink to implement the interface required by the ct-dpif module. Based on original work by Jarno Rajahalme Signed-off-by: Jarno Rajahalme Signed-off-by: Daniele Di Proietto --- lib/automake.mk | 2 + lib/netlink-conntrack.c | 821 lib/netlink-conntrack.h | 61 3 files changed, 884 insertions(+) create mode 100644 lib/netlink-conntrack.c create mode 100644 lib/netlink-conntrack.h diff --git a/lib/automake.mk b/lib/automake.mk index 1986a31..6a20e55 100644 --- a/lib/automake.mk +++ b/lib/automake.mk @@ -345,6 +345,8 @@ lib_libopenvswitch_la_SOURCES += \ lib/if-notifier.h \ lib/netdev-linux.c \ lib/netdev-linux.h \ + lib/netlink-conntrack.c \ + lib/netlink-conntrack.h \ lib/netlink-notifier.c \ lib/netlink-notifier.h \ lib/netlink-protocol.h \ diff --git a/lib/netlink-conntrack.c b/lib/netlink-conntrack.c new file mode 100644 index 000..e45145c --- /dev/null +++ b/lib/netlink-conntrack.c 
@@ -0,0 +1,821 @@ +/* + * Copyright (c) 2015 Nicira, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "netlink-conntrack.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "byte-order.h" +#include "compiler.h" +#include "dynamic-string.h" +#include "list.h" +#include "netlink.h" +#include "netlink-socket.h" +#include "ofpbuf.h" +#include "openvswitch/vlog.h" +#include "poll-loop.h" +#include "timeval.h" +#include "unixctl.h" +#include "util.h" + +VLOG_DEFINE_THIS_MODULE(netlink_conntrack); +static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + +/* This module works only if conntrack modules and features are enabled in the + * Linux kernel. This can be done from a root shell like this: + * + * $ modprobe ip_conntrack + * $ sysctl -w net.netfilter.nf_conntrack_acct=1 + * $ sysctl -w net.netfilter.nf_conntrack_timestamp=1 + * + * Also, if testing conntrack label feature without conntrack-aware OVS kernel + * module, there must be a connlabel rule in iptables for space to be reserved + * for the labels (see kernel source connlabel_mt_check()). 
Such a rule can be + * inserted from a root shell like this: + * + * $ iptables -A INPUT -m conntrack -m connlabel \ + * --ctstate NEW,ESTABLISHED,RELATED --label 127 -j ACCEPT + */ + +static const struct nl_policy nfnlgrp_conntrack_policy[__CTA_MAX]; + +/* Declarations for conntrack netlink dumping. */ +static void nl_msg_put_nfgenmsg(struct ofpbuf *msg, size_t expected_payload, +int family, uint8_t subsystem, uint8_t cmd, +uint32_t flags); + +static bool nl_ct_parse_header_policy(struct ofpbuf *buf, +enum nl_ct_event_type *event_type, +uint8_t *nfgen_family, +struct nlattr *attrs[ARRAY_SIZE(nfnlgrp_conntrack_policy)]); + +static bool nl_ct_attrs_to_ct_dpif_entry(struct ct_dpif_entry *entry, +struct nlattr *attrs[ARRAY_SIZE(nfnlgrp_conntrack_policy)], +uint8_t nfgen_family); + +struct nl_ct_dump_state { +struct nl_dump dump; +struct ofpbuf buf; +bool filter_zone; +uint16_t zone; +}; + +/* Conntrack netlink dumping. */ + +/* Initialize a conntrack netlink dump. */ +int +nl_ct_dump_start(struct nl_ct_dump_state **statep, const uint16_t *zone) +{ +struct nl_ct_dump_state *state; + +*statep = state = xzalloc(sizeof *state); +ofpbuf_init(&state->buf, NL_DUMP_BUFSIZE); + +if (zone) { +state->filter_zone = true; +state->zone = *zone; +} + +nl_msg_put_nfgenmsg(&state->buf, 0, 0, NFNL_SUBSYS_CTNETLINK, +IPCTNL_MSG_CT_GET, NLM_F_REQUEST); +nl_dump_start(&state->dump, NETLINK_NETFILTER, &state->buf); +ofpbuf_clear(&state->buf); + +return 0; +} + +/* Receive the next 'entry' from the conntrack netlink dump with 'state'. + * Returns 'EOF' when no more entries are available, 0 otherwise. 'entry' may + * be unini
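Review bot: nl_ct_dump_start() in lib/netlink-conntrack.c builds the IPCTNL_MSG_CT_GET request with no attributes and only records the zone in state->filter_zone and state->zone, so a zone-limited dump still pulls the whole system-wide table from the kernel and has to filter per entry; the function comment, which reads only "Initialize a conntrack netlink dump", should say so. The function also has no failure path (every visible path ends in return 0), which the comment should state, or the return type should become void so callers do not carry dead error branches. In the nl_msg_put_nfgenmsg(&state->buf, 0, 0, ...) call the family is a bare 0; AF_UNSPEC would be self-describing.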
[ovs-dev] [PATCH 2/2] ofproto: Implement OFPT_QUEUE_GET_CONFIG_REQUEST for OFPP_ANY in OF1.1+.
I was not previously aware that this feature was missing. Reported-by: Minoru TAKAHASHI Reported-at: http://openvswitch.org/pipermail/discuss/2015-October/019229.html Signed-off-by: Ben Pfaff --- NEWS | 1 + lib/ofp-util.c | 22 - lib/ofp-util.h | 1 + ofproto/ofproto.c| 51 +--- tests/ofproto.at | 9 + utilities/ovs-ofctl.8.in | 11 +++ utilities/ovs-ofctl.c| 51 ++-- 7 files changed, 102 insertions(+), 44 deletions(-) diff --git a/NEWS b/NEWS index 9b9dff2..abd7d9a 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ Post-v2.4.0 - OpenFlow: * Group chaining (where one OpenFlow group triggers another) is now supported. + * OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY. * OpenFlow 1.4+ "importance" is now considered for flow eviction. * OpenFlow 1.4+ OFPTC_EVICTION is now implemented. * OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented. diff --git a/lib/ofp-util.c b/lib/ofp-util.c index 342be54..99e8e52 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c @@ -2437,14 +2437,23 @@ ofputil_decode_queue_get_config_request(const struct ofp_header *oh, case OFPRAW_OFPT10_QUEUE_GET_CONFIG_REQUEST: qgcr10 = b.data; *port = u16_to_ofp(ntohs(qgcr10->port)); -return 0; +break; case OFPRAW_OFPT11_QUEUE_GET_CONFIG_REQUEST: qgcr11 = b.data; -return ofputil_port_from_ofp11(qgcr11->port, port); +enum ofperr error = ofputil_port_from_ofp11(qgcr11->port, port); +if (error || *port == OFPP_ANY) { +return error; +} +break; + +default: +OVS_NOT_REACHED(); } -OVS_NOT_REACHED(); +return (ofp_to_u16(*port) < ofp_to_u16(OFPP_MAX) +? 0 +: OFPERR_OFPQOFC_BAD_PORT); } /* Constructs and returns the beginning of a reply to 
@@ -2521,15 +2530,10 @@ ofputil_append_queue_get_config_reply(struct ofpbuf *reply, opq10->queue_id = htonl(oqc->queue_id); len_ofs = (char *) &opq10->len - (char *) reply->data; } else { -struct ofp11_queue_get_config_reply *qgcr11; struct ofp12_packet_queue *opq12; -ovs_be32 port; - -qgcr11 = reply->msg; -port = qgcr11->port; opq12 = ofpbuf_put_zeros(reply, sizeof *opq12); -opq12->port = port; +opq12->port = ofputil_port_to_ofp11(oqc->port); opq12->queue_id = htonl(oqc->queue_id); len_ofs = (char *) &opq12->len - (char *) reply->data; } diff --git a/lib/ofp-util.h b/lib/ofp-util.h index 8914342..81a62ba 100644 --- a/lib/ofp-util.h +++ b/lib/ofp-util.h @@ -894,6 +894,7 @@ enum ofperr ofputil_decode_queue_get_config_request(const struct ofp_header *, /* Queue configuration reply. */ struct ofputil_queue_config { +ofp_port_t port; uint32_t queue_id; /* Each of these optional values is expressed in tenths of a percent. diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c index c7dd8a2..471db9d 100644 --- a/ofproto/ofproto.c +++ b/ofproto/ofproto.c @@ -6204,30 +6204,12 @@ handle_group_features_stats_request(struct ofconn *ofconn, return 0; } -static enum ofperr -handle_queue_get_config_request(struct ofconn *ofconn, -const struct ofp_header *oh) +static void +put_queue_config(struct ofport *ofport, struct ofpbuf *reply) { - struct ofproto *p = ofconn_get_ofproto(ofconn); struct netdev_queue_dump queue_dump; - struct ofport *ofport; unsigned int queue_id; - struct ofpbuf *reply; struct smap details; - ofp_port_t request; - enum ofperr error; - - error = ofputil_decode_queue_get_config_request(oh, &request); - if (error) { - return error; - } - - ofport = ofproto_get_port(p, request); - if (!ofport) { - return OFPERR_OFPQOFC_BAD_PORT; - } - - reply = ofputil_encode_queue_get_config_reply(oh); smap_init(&details); NETDEV_QUEUE_FOR_EACH (&queue_id, &details, &queue_dump, ofport->netdev) { 
@@ -6235,13 +6217,42 @@ handle_queue_get_config_request(struct ofconn *ofconn, /* None of the existing queues have compatible properties, so we * hard-code omitting min_rate and max_rate. */ + queue.port = ofport->ofp_port; queue.queue_id = queue_id; queue.min_rate = UINT16_MAX; queue.max_rate = UINT16_MAX; ofputil_append_queue_get_config_reply(reply, &queue); } smap_destroy(&details); +} + +static enum ofperr +handle_queue_get_config_request(struct ofconn *ofconn, +const struct ofp_header *oh) +{ + struct ofproto *ofproto = ofconn_get_ofproto(ofconn); + ofp_port_t port; + enum ofperr error; + error = ofputil_decode_queue_get_config_request(oh, &port); + if (error) { + return error; + } + + struct o
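Review bot: In ofputil_decode_queue_get_config_request() in lib/ofp-util.c, the new shared tail `return (ofp_to_u16(*port) < ofp_to_u16(OFPP_MAX) ? 0 : OFPERR_OFPQOFC_BAD_PORT);` now also covers the OFPRAW_OFPT10 case, which used to `return 0` unconditionally and leave port validation to ofproto_get_port() in the handler. Please confirm that rejecting every OpenFlow 1.0 port number at or above OFPP_MAX at decode time is intended, and document it in the function comment together with the OFPP_ANY exception for 1.1+. A smaller point in the same hunk: `enum ofperr error` is declared inside the OFPRAW_OFPT11 case without braces, so the `default:` label that follows sits inside its scope; wrapping that case body in a block would keep the declaration local.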
[ovs-dev] [PATCH 1/2] ovs-ofctl: Generalize code for finding ports into general-purpose iterator.
The port_iterator will acquire another user in an upcoming commit. Signed-off-by: Ben Pfaff --- utilities/ovs-ofctl.c | 233 ++ 1 file changed, 123 insertions(+), 110 deletions(-) diff --git a/utilities/ovs-ofctl.c b/utilities/ovs-ofctl.c index ee15e1a..c3892c7 100644 --- a/utilities/ovs-ofctl.c +++ b/utilities/ovs-ofctl.c 
@@ -823,145 +823,151 @@ ofctl_dump_table_desc(struct ovs_cmdl_context *ctx) } -static bool fetch_port_by_stats(struct vconn *, -const char *port_name, ofp_port_t port_no, -struct ofputil_phy_port *); - -/* Uses OFPT_FEATURES_REQUEST to attempt to fetch information about the port - * named 'port_name' or numbered 'port_no' into '*pp'. Returns true if - * successful, false on failure. - * - * This is only appropriate for OpenFlow 1.0, 1.1, and 1.2, which include a - * list of ports in OFPT_FEATURES_REPLY. */ static bool -fetch_port_by_features(struct vconn *vconn, - const char *port_name, ofp_port_t port_no, - struct ofputil_phy_port *pp) +str_to_ofp(const char *s, ofp_port_t *ofp_port) { -struct ofputil_switch_features features; -const struct ofp_header *oh; -struct ofpbuf *request, *reply; -enum ofperr error; -enum ofptype type; -struct ofpbuf b; -bool found = false; +bool ret; +uint32_t port_; + +ret = str_to_uint(s, 10, &port_); +*ofp_port = u16_to_ofp(port_); +return ret; +} + +struct port_iterator { +struct vconn *vconn; + +enum { PI_FEATURES, PI_PORT_DESC } variant; +struct ofpbuf *reply; +ovs_be32 send_xid; +bool more; +}; + +static void +port_iterator_fetch_port_desc(struct port_iterator *pi) +{ +pi->variant = PI_PORT_DESC; +pi->more = true; + +struct ofpbuf *rq = ofputil_encode_port_desc_stats_request( +vconn_get_version(pi->vconn), OFPP_ANY); +pi->send_xid = ((struct ofp_header *) rq->data)->xid; +send_openflow_buffer(pi->vconn, rq); +} + +static void +port_iterator_fetch_features(struct port_iterator *pi) +{ +pi->variant = PI_FEATURES; /* Fetch the switch's ofp_switch_features. 
*/ -request = ofpraw_alloc(OFPRAW_OFPT_FEATURES_REQUEST, - vconn_get_version(vconn), 0); -run(vconn_transact(vconn, request, &reply), -"talking to %s", vconn_get_name(vconn)); +enum ofp_version version = vconn_get_version(pi->vconn); +struct ofpbuf *rq = ofpraw_alloc(OFPRAW_OFPT_FEATURES_REQUEST, version, 0); +run(vconn_transact(pi->vconn, rq, &pi->reply), +"talking to %s", vconn_get_name(pi->vconn)); -oh = reply->data; -if (ofptype_decode(&type, reply->data) +const struct ofp_header *oh = pi->reply->data; +enum ofptype type; +if (ofptype_decode(&type, pi->reply->data) || type != OFPTYPE_FEATURES_REPLY) { -ovs_fatal(0, "%s: received bad features reply", vconn_get_name(vconn)); +ovs_fatal(0, "%s: received bad features reply", + vconn_get_name(pi->vconn)); } -if (!ofputil_switch_features_has_ports(reply)) { +if (!ofputil_switch_features_has_ports(pi->reply)) { /* The switch features reply does not contain a complete list of ports. * Probably, there are more ports than will fit into a single 64 kB * OpenFlow message. Use OFPST_PORT_DESC to get a complete list of * ports. */ -ofpbuf_delete(reply); -return fetch_port_by_stats(vconn, port_name, port_no, pp); +ofpbuf_delete(pi->reply); +pi->reply = NULL; +port_iterator_fetch_port_desc(pi); +return; } -error = ofputil_decode_switch_features(oh, &features, &b); +struct ofputil_switch_features features; +enum ofperr error = ofputil_decode_switch_features(oh, &features, + pi->reply); if (error) { ovs_fatal(0, "%s: failed to decode features reply (%s)", - vconn_get_name(vconn), ofperr_to_string(error)); + vconn_get_name(pi->vconn), ofperr_to_string(error)); } +} -while (!ofputil_pull_phy_port(oh->version, &b, pp)) { -if (port_no != OFPP_NONE -? port_no == pp->port_no -: !strcmp(pp->name, port_name)) { -found = true; -break; -} +/* Initializes 'pi' to prepare for iterating through all of the ports on the + * OpenFlow switch to which 'vconn' is connected. 
+ * + * During iteration, the client should not make other use of 'vconn', because + * that can cause other messages to be interleaved with the replies used by the + * iterator and thus some ports may be missed or a hang can occur. */ +static void +port_iterator_init(struct port_iterator *pi, struct vconn *vconn) +{ +memset(pi, 0, sizeof *pi); +pi->vconn = vconn; +if (vconn_get_version(vconn) < OFP13_VERSION) { +
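Review bot: In the new str_to_ofp() in utilities/ovs-ofctl.c, the uint32_t filled in by str_to_uint() is passed straight to u16_to_ofp(), so a value above 65535 is silently narrowed to a different port number, and `*ofp_port` is written even when parsing fails. Suggest returning false when `port_` exceeds UINT16_MAX and assigning `*ofp_port` only on success, so that a mistyped port cannot resolve to some other valid port.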
Re: [ovs-dev] [PATCH] ovn-architecture: Start describing how to connect to physical networks.
More accurately, I'm abandoning the iptables method. There are better ways that avoid using it. I'll be back in a while with better ways to connect to physical networks.

On Tue, Nov 03, 2015 at 02:48:15PM -0800, Han Zhou wrote:
> Hi Ben,
>
> Could you share the reason of abandoning? Looking forward to a new patch
> regarding this topic.
>
> Han
>
> On Tue, Nov 3, 2015 at 1:42 PM, Ben Pfaff wrote:
>
> > On Thu, Oct 22, 2015 at 09:28:51AM -0700, Ben Pfaff wrote:
> > > Signed-off-by: Ben Pfaff
> >
> > I'm abandoning this patch.
Re: [ovs-dev] [PATCH] ovn-tutorial: Add a section on ACLs.
On Thu, Oct 22, 2015 at 11:06:53AM -0400, Russell Bryant wrote:
> On 10/21/2015 04:17 PM, Russell Bryant wrote:
> > Add a section that gives a quick introduction to applying ACLs.
> > This section doesn't include ovs-appctl commands to run, as I haven't
> > figured out a useful series of commands that works for packets going
> > through conntrack. It does at least show you how to quickly look at
> > what flows are generated, which already seems to be a pretty common
> > question by people looking for examples of using ovs+conntrack.
> >
> > Signed-off-by: Russell Bryant
>
> Actually, wait on a v2 for this. There's at least one typo. The
> OpenFlow flows are also wrong. I guess in ovs-sandbox it doesn't think
> the datapath supports conntrack integration so the flows aren't what
> you'd want to see. I'll work on a better section about this.

I don't think we ever saw a v2.
Re: [ovs-dev] [PATCH] ovn-tutorial: Add a section on ACLs.
> On Nov 3, 2015, at 8:23 PM, Ben Pfaff wrote:
>
>> On Thu, Oct 22, 2015 at 11:06:53AM -0400, Russell Bryant wrote:
>>> On 10/21/2015 04:17 PM, Russell Bryant wrote:
>>> Add a section that gives a quick introduction to applying ACLs.
>>> This section doesn't include ovs-appctl commands to run, as I haven't
>>> figured out a useful series of commands that works for packets going
>>> through conntrack. It does at least show you how to quickly look at
>>> what flows are generated, which already seems to be a pretty common
>>> question by people looking for examples of using ovs+conntrack.
>>>
>>> Signed-off-by: Russell Bryant
>>
>> Actually, wait on a v2 for this. There's at least one typo. The
>> OpenFlow flows are also wrong. I guess in ovs-sandbox it doesn't think
>> the datapath supports conntrack integration so the flows aren't what
>> you'd want to see. I'll work on a better section about this.
>
> I don't think we ever saw a v2.

Indeed. :-) Tokyo happened and I forgot about it. I'll fix it up tomorrow.

Russell
Re: [ovs-dev] [PATCH] dpctl: Fix jump through wild pointer in "dpctl/help".
On Tue, Oct 20, 2015 at 10:55:37PM +, Daniele Di Proietto wrote:
>
> On 17/10/2015 14:24, "Ben Pfaff" wrote:
>
> >dpctl_unixctl_handler() didn't fully initialize the dpctl_params structure
> >it passed to the handler, which meant that dpctl_help() could see a
> >nonnull
> >(indeterminate) 'usage' pointer and jump through it, causes a crash.
> >This commit fixes the crash by fully initializing the structure.
> >
> >The dpctl/help command wasn't going to do anything useful anyway, so this
> >commit also stops registering it.
> >
> >Reported-by: Murali R
> >Reported-at:
> >https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_piperm
> >ail_discuss_2015-2DOctober_019135.html&d=BQIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJA
> >XVeAw-YihVMNtXt-uEs&r=SmB5nZacmXNq0gKCC1s_Cw5yUNjxgD4v5kJqZ2uWLlE&m=OrWGS3
> >tQ3PzCvpaif3pjUIuOxAY8nQCTY_8Q_Qs_Wj8&s=TeEaw1_lnbTmgin2fd7Sjw0dEf__XAROJU
> >z7KORhS1s&e=
> >Signed-off-by: Ben Pfaff
>
> Acked-by: Daniele Di Proietto

Thanks Daniele, I applied this to master and branch-2.4.
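The bug class described in this thread, reduced to a stand-alone sketch (an added example, not the dpctl code or the patch itself): a parameter struct with an optional callback is filled in member by member, so the callback slot keeps stale bytes and a later NULL check passes. The struct, every field name other than `usage`, and the 0xAA fill that stands in for stale stack contents are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a command-parameter struct that carries callbacks.
 * Only the name 'usage' comes from the thread; the rest is assumed. */
struct params_demo {
    bool is_appctl;
    void (*output)(void *aux, const char *msg);
    void *aux;
    void (*usage)(void *aux);   /* Optional; NULL means "not provided". */
};

static void demo_output(void *aux, const char *msg) { (void) aux; (void) msg; }

/* Stands in for stale stack contents.  Real automatic storage is
 * indeterminate; a fixed fill keeps this demo deterministic. */
static void fill_with_stale_bytes(struct params_demo *p)
{
    memset(p, 0xAA, sizeof *p);
}

/* "Before": assigns the members the caller knows about and nothing else,
 * so 'usage' keeps whatever bytes were already there. */
static void setup_member_by_member(struct params_demo *p)
{
    p->is_appctl = true;
    p->output = demo_output;
    p->aux = NULL;
}

/* "After": the compound literal initializes every member; those not named
 * (here 'aux' and 'usage') become null pointers. */
static void setup_fully(struct params_demo *p)
{
    *p = (struct params_demo) { .is_appctl = true, .output = demo_output };
}

/* The check a help command makes before its indirect call.  The call itself
 * is left out: through a stale pointer it would crash. */
static bool help_would_call_usage(const struct params_demo *p)
{
    return p->usage != NULL;
}

/* Returns true if a stale 'usage' pointer would reach the help command. */
static bool stale_usage_reaches_help(bool full_init)
{
    struct params_demo p;

    fill_with_stale_bytes(&p);
    if (full_init) {
        setup_fully(&p);
    } else {
        setup_member_by_member(&p);
    }
    return help_would_call_usage(&p);
}

int main(void)
{
    printf("member-by-member: help would jump = %d\n",
           stale_usage_reaches_help(false));
    printf("full init:        help would jump = %d\n",
           stale_usage_reaches_help(true));
    return 0;
}
```

Building real code with a memory sanitizer or `-Wuninitialized` style warnings helps catch the member-by-member form, but initializing the whole struct at its definition removes the dependency on stack contents entirely.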
[ovs-dev] Mail System Error - Returned Mail
Your message could not be delivered
Re: [ovs-dev] [PATCH] ofp-parse: Fix parsing, formatting of multiple fields in NTR extension.
On Mon, Oct 19, 2015 at 11:17:16AM +0900, Simon Horman wrote:
> On Fri, Oct 16, 2015 at 08:21:06AM -0700, Ben Pfaff wrote:
> > Until now, the only way to specify multiple fields in the "fields"
> > parameter for the Netronome groups extension, was to specify "fields"
> > more than once, e.g. fields=eth_dst,fields=ip_dst
> >
> > However, this wasn't documented and the code in ofp-print didn't use it,
> > generating output that couldn't be parsed.
> >
> > This commit fixes the situation by introducing a more straightforward
> > syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
> > code to use it when there is more than one field (it retains the previous
> > format for backward compatibility when there is exactly one field)
> >
> > CC: Simon Horman
> > Signed-off-by: Ben Pfaff
>
> Acked-by: Simon Horman

Thanks, applied to master and branch-2.4.
Re: [ovs-dev] [PATCH v2] netdev_dpdk.c: Add QoS functionality.
On Thu, Oct 22, 2015 at 09:29:37AM +, Stokes, Ian wrote:
> Just wondering if anyone has input on v2 of the netdev-dpdk QoS patch?
> Any feedback would be much appreciated.

I don't object but I'm the wrong person to affirmatively review it.
Re: [ovs-dev] ovs-atomic: loss some patches for v2.3.2
On Tue, Oct 13, 2015 at 11:39:10AM +0800, linhaifeng wrote:
> On 2015/10/12 23:24, Ben Pfaff wrote:
> >Please propose which ones you want to cherry-pick, and what problems
> >they fix.
> we apply cmap patches from v2.4 for v2.3.2 found that dead loop in
> cmap_find__.
> because read_even_counter read the counter is 3 .
>
> because the counter is not atomic and
> 860f83f3f290aabddc033548848c953dc7b8dd0f resolved this problem

So you want me to apply 860f83f3f290aabddc033548848c953dc7b8dd0f to branch-2.3? Or something else?

Thanks,

Ben.
Re: [ovs-dev] [PATCH] bugfix of ovsdb-client connecting error when updating ca_crt.pem file many times
On Tue, Oct 13, 2015 at 12:41:14PM +, Liuyongqiang (A) wrote:
> From 786c6d16ab18197a750f832e4eed1ccfa1183d04 Mon Sep 17 00:00:00 2001
> From: YongQiangLiu
> Date: Tue, 13 Oct 2015 19:37:32 +0800
> Subject: [PATCH] bugfix of ovsdb-client connecting error when updating
> ca_crt.pem file many times
>
> this patch fixed the bug of ovsdb-client connecting failed when user update
> ca crt
> file upto 649 times
>
> Signed-off-by: YongQiangLiu

This patch adds two warnings:

../lib/stream-ssl.c:1245:12: error: unused variable 'certs' [-Werror,-Wunused-variable]
    X509 **certs;
           ^
../lib/stream-ssl.c:1246:12: error: unused variable 'n_certs' [-Werror,-Wunused-variable]
    size_t n_certs;

Please fix them, and please honor the existing code style.
[ovs-dev] Returned mail: Data format error
Your message was undeliverable due to the following reason(s): Your message could not be delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now. Your message was not delivered within 4 days: Host 41.176.244.139 is not responding. The following recipients did not receive this message: Please reply to postmas...@openvswitch.org if you feel this message to be in error.
[ovs-dev] [PATCH] Better abstract OFPT_SET_CONFIG and OFPT_GET_CONFIG_REPLY, make stricter.
The OFPT_SET_CONFIG and OFPT_GET_CONFIG_REPLY messages, which have the same format, have a 'flags' field in which OpenFlow defines some bits, which change somewhat from one version to another, and does not define others. Until now, Open vSwitch has not abstracted these messages at all and has ignored the bits that OpenFlow leaves undefined. This commit abstracts the messages in the same way as other OpenFlow messages and validates in OFPT_SET_CONFIG messages that the undefined bits are set to zero. OpenFlow 1.1 and 1.2, but not OpenFlow 1.0, define a flag named OFPC_INVALID_TTL_TO_CONTROLLER. Open vSwitch has until now also implemented this as an extension to OpenFlow 1.0, and this commit retains that extension. Reported-by: Manpreet Singh Signed-off-by: Ben Pfaff --- AUTHORS| 1 + lib/learning-switch.c | 9 ++-- lib/ofp-print.c| 43 +-- lib/ofp-util.c | 101 - lib/ofp-util.h | 39 +++-- ofproto/ofproto-dpif.c | 12 +++--- ofproto/ofproto-provider.h | 22 +- ofproto/ofproto.c | 49 ++ utilities/ovs-ofctl.8.in | 2 + utilities/ovs-ofctl.c | 93 ++--- 10 files changed, 251 insertions(+), 120 deletions(-) diff --git a/AUTHORS b/AUTHORS index cb1cf57..14d00bc 100644 --- a/AUTHORS +++ b/AUTHORS @@ -313,6 +313,7 @@ Len Gao l...@vmware.com Logan Rosen logatron...@gmail.com Luca Falavigna dktrkr...@debian.org Luiz Henrique Ozaki luiz.oz...@gmail.com +Manpreet Singh er.manpree...@gmail.com Marco d'Itrim...@linux.it Martin Vizvary vizv...@ics.muni.cz Marvin Pascual mar...@pascual.com.ph diff --git a/lib/learning-switch.c b/lib/learning-switch.c index 7ddf69b..59223d7 100644 --- a/lib/learning-switch.c +++ b/lib/learning-switch.c @@ -469,7 +469,6 @@ static void send_features_request(struct lswitch *sw) { struct ofpbuf *b; -struct ofp_switch_config *osc; int ofp_version = rconn_get_version(sw->rconn); ovs_assert(ofp_version > 0 && ofp_version < 0xff); 
@@ -479,10 +478,10 @@ send_features_request(struct lswitch *sw) queue_tx(sw, b); /* Send OFPT_SET_CONFIG. */ -b = ofpraw_alloc(OFPRAW_OFPT_SET_CONFIG, ofp_version, sizeof *osc); -osc = ofpbuf_put_zeros(b, sizeof *osc); -osc->miss_send_len = htons(OFP_DEFAULT_MISS_SEND_LEN); -queue_tx(sw, b); +struct ofputil_switch_config config = { +.miss_send_len = OFP_DEFAULT_MISS_SEND_LEN +}; +queue_tx(sw, ofputil_encode_set_config(&config, ofp_version)); } static void diff --git a/lib/ofp-print.c b/lib/ofp-print.c index 240ba84..af88fe2 100644 --- a/lib/ofp-print.c +++ b/lib/ofp-print.c 
@@ -496,25 +496,39 @@ ofp_print_switch_features(struct ds *string, const struct ofp_header *oh) } static void -ofp_print_switch_config(struct ds *string, const struct ofp_switch_config *osc) +ofp_print_switch_config(struct ds *string, +const struct ofputil_switch_config *config) { -enum ofp_config_flags flags; +ds_put_format(string, " frags=%s", + ofputil_frag_handling_to_string(config->frag)); -flags = ntohs(osc->flags); - -ds_put_format(string, " frags=%s", ofputil_frag_handling_to_string(flags)); -flags &= ~OFPC_FRAG_MASK; - -if (flags & OFPC_INVALID_TTL_TO_CONTROLLER) { +if (config->invalid_ttl_to_controller > 0) { ds_put_format(string, " invalid_ttl_to_controller"); -flags &= ~OFPC_INVALID_TTL_TO_CONTROLLER; } -if (flags) { -ds_put_format(string, " ***unknown flags 0x%04"PRIx16"***", flags); +ds_put_format(string, " miss_send_len=%"PRIu16"\n", config->miss_send_len); +} + +static void +ofp_print_set_config(struct ds *string, const struct ofp_header *oh) +{ +struct ofputil_switch_config config; +enum ofperr error; + +error = ofputil_decode_set_config(oh, &config); +if (error) { +ofp_print_error(string, error); +return; } +ofp_print_switch_config(string, &config); +} -ds_put_format(string, " miss_send_len=%"PRIu16"\n", ntohs(osc->miss_send_len)); +static void +ofp_print_get_config_reply(struct ds *string, const struct ofp_header *oh) +{ +struct ofputil_switch_config config; +ofputil_decode_get_config_reply(oh, &config); +ofp_print_switch_config(string, &config); } static void print_wild(struct ds *string, const char *leader, int is_wild, @@ -3163,8 +3177,11 @@ ofp_to_string__(const struct ofp_header *oh, enum ofpraw raw, break; case OFPTYPE_GET_CONFIG_REPLY: +ofp_print_get_config_reply(string, oh); +break; + case OFPTYPE_SET_CONFIG: -ofp_print_switch_config(string, ofpmsg_body(oh)); +ofp_print_set_config(string, oh); break; case OFPTYPE_PACKET_IN: diff --git a/
Re: [ovs-dev] [PATCH] ofp-parse: Fix parsing, formatting of multiple fields in NTR extension.
On Tue, Nov 03, 2015 at 07:53:06PM -0800, Ben Pfaff wrote:
> On Mon, Oct 19, 2015 at 11:17:16AM +0900, Simon Horman wrote:
> > On Fri, Oct 16, 2015 at 08:21:06AM -0700, Ben Pfaff wrote:
> > > Until now, the only way to specify multiple fields in the "fields"
> > > parameter for the Netronome groups extension, was to specify "fields"
> > > more than once, e.g. fields=eth_dst,fields=ip_dst
> > >
> > > However, this wasn't documented and the code in ofp-print didn't use it,
> > > generating output that couldn't be parsed.
> > >
> > > This commit fixes the situation by introducing a more straightforward
> > > syntax, e.g. fields(eth_dst,ip_dst), documents it, and adjusts ofp-print
> > > code to use it when there is more than one field (it retains the previous
> > > format for backward compatibility when there is exactly one field)
> > >
> > > CC: Simon Horman
> > > Signed-off-by: Ben Pfaff
> >
> > Acked-by: Simon Horman
>
> Thanks, applied to master and branch-2.4.

Great, thanks.
Re: [ovs-dev] PassiveStream class in IDL library doesn't support AF_INET socket
Hi Ben,

In my earlier email, I wanted to enquire whether the feature to receive socket open requests from an OVSDB server is available in the IDL class (per the configuration in the Hardware_Vtep Manager table). Currently, I do not have the bandwidth to contribute to the IDL library due to other high priority items on my plate. I will let you know when I have some free cycles.

Thanks,
Vikas

-Original Message-
From: Ben Pfaff [mailto:b...@nicira.com]
Sent: Wednesday, November 04, 2015 1:00 AM
To: D M, Vikas
Cc: dev@openvswitch.org; Kamat, Maruti Haridas ; Nigam, Tirupati Nath (HP Networking)
Subject: Re: [ovs-dev] PassiveStream class in IDL library doesn't support AF_INET socket

On Wed, Oct 28, 2015 at 07:39:42AM +, D M, Vikas wrote:
> We thought of using ovs IDL library for implementing the L2gateway in
> openstack with ovsdb hardware vtep schema.
> (https://wiki.openstack.org/wiki/Neutron/L2-GW ).
>
> ovsdb server initiates the connection to l2gateway agent with the entries in
> manager table in ovsdb hardware vtep schema.
> (https://bugs.launchpad.net/networking-l2gw/+bug/1466302 )
>
> In this case the server code in ovs IDL (PassiveStream class) has to accept
> the connection from ovsdb.
> But currently, the supported type is punix (AF_UNIX).
> (https://github.com/openvswitch/ovs/blob/master/python/ovs/stream.py )
>
> So is there a way to accept tcp connection in IDL library?

It's an unimplemented feature of the Python version of the IDL. We'd accept a patch to implement the feature.
[ovs-dev] problems debugging datapath module
Hi all, I tried to put a "printk" line at the beginning of function "ovs_dp_process_packet", since I assumed that every packet that appeared on the links to the switch would trigger that function. But when I updated ovs and started mininet with the modified ovs, I still cannot see the output of "printk" in syslog at /var/log after a "pingall" command. Will the outcomes be put somewhere else? Or did I miss something so that the "printk" didn't work? Thanks a lot. Hs.